Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!odin.oar.net!malgudi.oar.net!imci4!newsfeed.internetmci.com!news.kei.com!nntp.coast.net!torn!nott!bcarh189.bnr.ca!crchh327.rich.bnr.ca!news
From: Jon Buller <buller@nortel.com>
Newsgroups: comp.unix.bsd.netbsd.misc
Subject: Re: Can NetBSD do IP masquerading?
Date: Fri, 22 Mar 1996 08:49:54 -0600
Organization: Bell Northern Research
Lines: 49
Message-ID: <3152BE12.5931@nortel.com>
References: <4ita9j$14r@lastactionhero.rs.itd.umich.edu>
NNTP-Posting-Host: carphc05.rich.bnr.ca
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.0 (X11; I; HP-UX A.09.05 9000/712)

Todd Ferris wrote:
>
> I have a local e-net that I want to have internet access. The problem is
> that I have access to only a single *real* IP number (via PPP).

Sounds like my setup. NetBSD/pc532 to the Internet via modem, Mac to
pc532 via serial line.

> I know that there are firewall/proxy packages out there (SOCKS?) that in
> theory should allow me to access the outside world through the NetBSD
> machine that has the PPP line. The problem is that I would have to
> access it through proxy interfaces.

I use the TIS Firewall Toolkit. Since about the only thing I do on the
Internet with my mac is Netscape, I only bothered with setting up the
http proxy. However, there is a ftp proxy, X proxy, etc. as well as a
TCP/IP port x to address/port y proxy for things like NNTP. I've been
thinking about setting that one up, but since my mac is also my pc532
console, I have to run ppp on the console to use the proxies. It makes
setup a bit trickier, and if something hangs, you don't have a console
anymore, so I don't use it a whole lot.

> I noticed that linux has something called "IP masquerading". From what I
> have gathered this is what I want. It allows a single host with one IP
> to serve many hosts with *private* IP numbers (10.x.x.x etc.) It does
> this by changing the packet address on the packets it routes, so that the
> outside world can only see the gateway IP address.

Interesting, the TIS system just listens on ports and forwards the
requests. Standard client/server kind of stuff, and it sounds a lot
easier to me than having the networking code muck with rewriting
packets...

> This seems like the ideal solution since it doesn't require that a
> special proxy enabled client be used.

No special proxy clients for me, however Netscape does know about
proxies already, otherwise I would have to put http://firewall/ in
front of all my URLs. Not a real big deal, but a small annoyance on a
regular basis... 8-(

Jon Buller <buller@nortel.com>
Include quotes, disclaimers, graphics, etc. as desired or needed
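
Added example, not part of the original post and not code from the TIS Firewall Toolkit: a Python relay in the style of the "port x to address/port y" proxy described above. The names pump, relay, serve and demo and the loopback addresses are assumptions; demo() shows that the backend sees the gateway's own socket as its peer, not the client's, which is the same outward effect masquerading gets by rewriting packets.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until src reaches EOF, then half-close dst."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass                      # peer reset or already closed

def relay(client, target, log):
    """Open the gateway's own connection to target and splice it to client."""
    try:
        upstream = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()            # target unreachable: drop the client
        return
    with client, upstream:
        upstream.settimeout(None)     # the timeout was for connect() only
        # Audit record: which inside client maps to which outgoing socket.
        log.append((client.getpeername(), upstream.getsockname()))
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)
        back.join()

def serve(listen_addr, on_conn):
    """Accept on listen_addr and run on_conn(sock) in a thread per connection."""
    srv = socket.create_server(listen_addr)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=on_conn, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

def demo():
    """Constructed loopback run: the backend replies with the peer it sees."""
    log = []
    def backend(conn):
        conn.sendall(repr(conn.getpeername()).encode())
        conn.close()
    be = serve(("127.0.0.1", 0), backend)
    gw = serve(("127.0.0.1", 0), lambda c: relay(c, be.getsockname(), log))
    with socket.create_connection(gw.getsockname(), timeout=5) as c:
        seen = c.makefile("rb").read().decode()
        return c.getsockname(), log[0], seen
```

Because the backend only ever sees the gateway's address, the log kept by relay() is the only place the inside client's address is recorded.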