Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!vic.news.telstra.net!news.mira.net.au!yarrina.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.eng.convex.com!newshost.convex.com!news.duke.edu!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!tank.news.pipex.net!pipex!dispatch.news.demon.net!demon!awfulhak.demon.co.uk!awfulhak.demon.co.uk!awfulhak.demon.co.uk!not-for-mail
From: brian@awfulhak.demon.co.uk (Brian Somers)
Newsgroups: comp.unix.bsd.netbsd.misc
Subject: Re: Can NetBSD do IP masquerading?
Date: 1 Apr 1996 13:28:26 +0100
Organization: Coverform Ltd.
Lines: 54
Message-ID: <4joi5a$e4@anorak.coverform.lan>
References: <4ita9j$14r@lastactionhero.rs.itd.umich.edu> <39991@lyssa.owl.de>
X-NNTP-Posting-Host: awfulhak.demon.co.uk
X-Newsreader: TIN [version 1.2 PL2]

Matthias Scheler (tron@lyssa.owl.de) wrote:
: Todd Ferris wrote in comp.unix.bsd.netbsd.misc about "Can NetBSD do IP
: masquerading?":
: > This seems like the ideal solution ...
: Ideal solution? I would call this just another big bad hack in Linux.

WRONG !

: --
: Matthias Scheler
: tron@lyssa.owl.de

My setup is similar, I run FreeBSD as a server. It answers the phone and
pretends to be a fax machine, it supplies filesystems via NFS to an OS/2
box as well as another FreeBSD/DOS box.

I am told that OS/2 has some "auto update" patch facility, but I can't
use this, 'cos my server machine owns my IP number. In fact, my server
doesn't even have a screen connected to it !

It's pathetic that I have to connect to my server via telnet or the like,
then to the net, and the only solution is proxies ?

The only bad bit about masquerading is that on large subnets, you may
run out of sockets on the gateway machine, but apart from that, I would
suggest that it's less of a "hack" than proxies !

I would be interested if anyone is planning on adding support to NetBSD
or FreeBSD, and if not, I would be willing. Are the following assumptions
true ?:

In the IP forwarding bit of the kernel, we already check if the received
packet has to be put down another interface... If so, we add a new bit
of code that says:

    unsigned long myIP, inetIP, lanIP, mySocket, inetSocket, lanSocket;

    Does this inetIP:inetSocket => myIP:mySocket pair have an entry in our
    masquerade table ? If so, tweak the target IP:Socket to lanIP:lanSocket.

    Otherwise, if this lanIP:lanSocket => inetIP:inetSocket pair is a
    candidate for masquerading according to a config table,
        allocate a local socket (mySocket)
        put an entry in our masquerade table that says that
        inetIP:inetSocket packets sent to myIP:mySocket will be changed to
        go to lanIP:lanSocket

If it's this simple, I'll do it !

--
Brian <brian@awfulhak.demon.co.uk>
Don't _EVER_ lose your sense of humour....
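
The masquerade-table logic proposed in the post above, as an added C example (not code from the post, NetBSD or FreeBSD). It shows the outbound allocation, the inbound lookup that drops packets with no matching entry, and the "run out of sockets" case. All names, the port base 61000, the four-slot table and the sample addresses are assumptions; the config-table check and entry expiry are left out.

```c
#include <stdint.h>
#include <stdio.h>

#define MASQ_SLOTS     4      /* assumed; tiny so that exhaustion is easy to see */
#define MASQ_BASE_PORT 61000  /* assumed first gateway port; slot i owns BASE+i */

struct masq_entry { int used; uint32_t lan_ip, inet_ip; uint16_t lan_port, inet_port; };
static struct masq_entry masq_table[MASQ_SLOTS];

/* LAN -> Internet: return the gateway port (mySocket) that replaces the source
 * port, reusing an existing mapping if there is one; 0 means the table is full. */
uint16_t masq_outbound(uint32_t lan_ip, uint16_t lan_port,
                       uint32_t inet_ip, uint16_t inet_port)
{
    int free_slot = -1;
    for (int i = 0; i < MASQ_SLOTS; i++) {
        const struct masq_entry *e = &masq_table[i];
        if (!e->used) { if (free_slot < 0) free_slot = i; continue; }
        if (e->lan_ip == lan_ip && e->lan_port == lan_port &&
            e->inet_ip == inet_ip && e->inet_port == inet_port)
            return (uint16_t)(MASQ_BASE_PORT + i);
    }
    if (free_slot < 0) return 0;  /* gateway has no ports left for this flow */
    masq_table[free_slot] = (struct masq_entry){1, lan_ip, inet_ip, lan_port, inet_port};
    return (uint16_t)(MASQ_BASE_PORT + free_slot);
}

/* Internet -> gateway: if inetIP:inetSocket => myIP:mySocket has an entry,
 * fill in the LAN target and return 1; otherwise return 0 (do not forward). */
int masq_inbound(uint32_t inet_ip, uint16_t inet_port, uint16_t my_port,
                 uint32_t *lan_ip, uint16_t *lan_port)
{
    if (my_port < MASQ_BASE_PORT || my_port >= MASQ_BASE_PORT + MASQ_SLOTS)
        return 0;
    const struct masq_entry *e = &masq_table[my_port - MASQ_BASE_PORT];
    if (!e->used || e->inet_ip != inet_ip || e->inet_port != inet_port)
        return 0;  /* a different remote host or port cannot reuse the mapping */
    *lan_ip = e->lan_ip;
    *lan_port = e->lan_port;
    return 1;
}

int main(void) {  /* constructed addresses: 192.168.1.2, 192.0.2.1, 198.51.100.7 */
    uint32_t lan_ip = 0; uint16_t lan_port = 0;
    uint16_t p = masq_outbound(0xC0A80102, 1025, 0xC0000201, 80);
    int hit = masq_inbound(0xC0000201, 80, p, &lan_ip, &lan_port);
    int stray = masq_inbound(0xC6336407, 80, p, &lan_ip, &lan_port);
    printf("gateway port %u, reply matched=%d, stray matched=%d\n", (unsigned)p, hit, stray);
    return 0;
}
```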