*BSD News Article 63946



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!odin.oar.net!malgudi.oar.net!imci4!newsfeed.internetmci.com!news.kei.com!nntp.coast.net!torn!nott!bcarh189.bnr.ca!crchh327.rich.bnr.ca!news
From: Jon Buller <buller@nortel.com>
Newsgroups: comp.unix.bsd.netbsd.misc
Subject: Re: Can NetBSD do IP masquerading?
Date: Fri, 22 Mar 1996 08:49:54 -0600
Organization: Bell Northern Research
Lines: 49
Message-ID: <3152BE12.5931@nortel.com>
References: <4ita9j$14r@lastactionhero.rs.itd.umich.edu>
NNTP-Posting-Host: carphc05.rich.bnr.ca
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.0 (X11; I; HP-UX A.09.05 9000/712)

Todd Ferris wrote:
> 
> I have a local e-net that I want to have internet access.  The problem is
> that I have access to only a single *real* IP number (via PPP).

Sounds like my setup.  NetBSD/pc532 to the Internet via modem, Mac to
pc532 via serial line.

> I know that there are firewall/proxy packages out there (SOCKS?) that in
> theory should allow me to access the outside world through the NetBSD
> machine that has the PPP line.  The problem is that I would have to
> access it through proxy interfaces.

I use the TIS Firewall Toolkit.  Since about the only thing I do on the
Internet with my mac is Netscape, I only bothered with setting up the
http proxy.  However, there is a ftp proxy, X proxy, etc.  as well as a
TCP/IP port x to address/port y proxy for things like NNTP.  I've been
thinking about setting that one up, but since my mac is also my pc532
console, I have to run ppp on the console to use the proxies.  It makes
setup a bit trickier, and if something hangs, you don't have a console
anymore, so I don't use it a whole lot.

> I noticed that linux has something called "IP masquerading".  From what I
> have gathered this is what I want.  It allows a single host with one IP
> to serve many hosts with *private* IP numbers (10.x.x.x etc.)  It does
> this by changing the packet address on the packets it routes, so that the
> outside world can only see the gateway IP address.

Interesting, the TIS system just listens on ports and forwards the
requests.  Standard client/server kind of stuff, and it sounds a lot
easier to me than having the networking code muck with rewriting
packets...

> This seems like the ideal solution since it doesn't require that a
> special proxy enabled client be used.

No special proxy clients for me, however Netscape does know about
proxies already, otherwise I would have to put http://firewall/ in
front of all my URLs. Not a real big deal, but a small annoyance on a
regular basis... 8-(

Jon Buller <buller@nortel.com>
Include quotes, disclaimers, graphics, etc. as desired or needed
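
The address rewriting described in the quoted question, as an added example that is not part of the original post and is not code from Linux or NetBSD: a toy port-translating table showing how several private hosts share one public address and why a packet with no matching flow state is not forwarded inward. The class and function names, the starting port 61000 and all addresses (documentation ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerader:
    """Toy model of masquerading: rewrite source address/port on the way
    out, reverse the rewrite on the way back in. Hypothetical names."""

    def __init__(self, public_ip: str, first_port: int = 61000):
        self.public_ip = public_ip
        self.next_port = first_port  # arbitrary start of the translated port range
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        # The outside world only ever sees the gateway's address.
        return replace(pkt, src_ip=self.public_ip, src_port=self.out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None  # no flow state for this sender: not forwarded inside
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


if __name__ == "__main__":
    gw = Masquerader("192.0.2.1")  # constructed sample addresses
    # Two private hosts pick the same source port towards the same server.
    for host in ("10.0.0.2", "10.0.0.3"):
        print(gw.outbound(Packet(host, 1025, "198.51.100.7", 80)))
    print(gw.inbound(Packet("198.51.100.7", 80, "192.0.2.1", 61001)))
    print(gw.inbound(Packet("203.0.113.9", 4444, "192.0.2.1", 61001)))
```
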