Return to BSD News archive
Newsgroups: comp.unix.bsd.freebsd.misc Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!uwm.edu!news.inap.net!news1!not-for-mail From: root@dyson.iquest.net (John S. Dyson) Subject: Re: IP masquerading under FreeBSD 2.1R X-Nntp-Posting-Host: dyson.iquest.net Message-ID: <4lnqg4$24h@dyson.iquest.net> Sender: news@iquest.net (News Admin) Organization: John S. Dyson's Machine References: <4ll7lb$9jj@sanson.dit.upm.es> Date: Thu, 25 Apr 1996 12:17:08 GMT Lines: 36 In article <4ll7lb$9jj@sanson.dit.upm.es>, Javier Martin Rueda <jmrueda@diatel.upm.es> wrote: > >What I want to do is to be able to access the Internet directly from the >other machine (the one that doesn't have a modem). I've heard that "IP >masquerading" would do what I want, but I haven't been able to locate it >in FreeBSD 2.1R. So, is it actually available in 2.1R? In any later >versions (stable, current)? As an add-on package? ... > I believe that the socks5 proxy package will do very much what you want. I think that it has been included into the ports tree. The IN-KERNEL masquerading that you MIGHT be referring to has been debated in the FreeBSD mailing lists, but generally it is thought to be a hack and contrary to existing RFC's (not too hard to do though.) The best way to do it is probably using the socks protocol (some MS Windows programs support it, incl Netscape!!!) It appears that it is the way to go. (It appears that since there is a compliant method, adding a hack is kind of bogus.) If someone chimes in with more info, that would be good, I have been working this issue at work, and have been taking an independent path using both the socks proxy code and IP filtering. BTW, the socks stuff, if you set it up correctly appears to give you a bit more security than just a simple ip (router) filter, given the feature set that you might provide to your inside machines. BTW, there are some other, more proprietary schemes that might be applicable for larger applications -- but for the size of the operation that you describe, socks will work just fine (and probably projects MUCH larger than yours also.) I am NOT the FreeBSD networking expert -- so someone competent using FreeBSD networking might want to chime in... Check out ftp://ftp.nec.com/pub/socks John