*BSD News Article 66819



Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!uwm.edu!news.inap.net!news1!not-for-mail
From: root@dyson.iquest.net (John S. Dyson)
Subject: Re: IP masquerading under FreeBSD 2.1R
X-Nntp-Posting-Host: dyson.iquest.net
Message-ID: <4lnqg4$24h@dyson.iquest.net>
Sender: news@iquest.net (News Admin)
Organization: John S. Dyson's Machine
References: <4ll7lb$9jj@sanson.dit.upm.es>
Date: Thu, 25 Apr 1996 12:17:08 GMT
Lines: 36

In article <4ll7lb$9jj@sanson.dit.upm.es>,
Javier Martin Rueda  <jmrueda@diatel.upm.es> wrote:
>
>What I want to do is to be able to access the Internet directly from the
>other machine (the one that doesn't have a modem). I've heard that "IP
>masquerading" would do what I want, but I haven't been able to locate it
>in FreeBSD 2.1R. So, is it actually available in 2.1R? In any later
>versions (stable, current)? As an add-on package? ...
>
I believe that the socks5 proxy package will do very much what you want.
I think that it has been included into the ports tree.  The IN-KERNEL
masquerading that you MIGHT be referring to has been debated in the
FreeBSD mailing lists, but generally it is thought to be a hack and contrary
to existing RFCs (not too hard to do though.)  The best way to do it is
probably using the socks protocol (some MS Windows programs support it, incl.
Netscape!!!)  It appears that it is the way to go.  (It appears that since
there is a compliant method, adding a hack is kind of bogus.)

If someone chimes in with more info, that would be good; I have been
working this issue at work, and have been taking an independent path
using both the socks proxy code and IP filtering.  BTW, the socks stuff, if
you set it up correctly, appears to give you a bit more security than just a
simple IP (router) filter, given the feature set that you might provide to
your inside machines.

BTW, there are some other, more proprietary schemes that might be applicable
for larger applications -- but for the size of the operation that you describe,
socks will work just fine (and probably projects MUCH larger than yours also.)

I am NOT the FreeBSD networking expert -- so someone competent using FreeBSD
networking might want to chime in...

Check out ftp://ftp.nec.com/pub/socks

John