Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!vic.news.telstra.net!act.news.telstra.net!psgrain!iafrica.com!pipex-sa.net!plug.news.pipex.net!pipex!weld.news.pipex.net!pipex!hole.news.pipex.net!pipex!news.be.innet.net!INbe.net!news.nl.innet.net!INnl.net!hunter.premier.net!news-res.gsl.net!news.gsl.net!swrinde!elroy.jpl.nasa.gov!ames!usenet.cisco.com!iverson From: iverson@cisco.com (Tim Iverson) Newsgroups: comp.unix.bsd.freebsd.misc Subject: NAT (was Re: IP Masquerading in user PPP?) Date: 12 Jul 1996 00:47:32 GMT Organization: cisco Lines: 35 Message-ID: <4s47b4$oh3@cronkite.cisco.com> References: <Pine.BSF.3.91.960708224558.170A-100000@darkstar> <4s1fb8$dj@anorak.coverform.lan> NNTP-Posting-Host: rottweiler.cisco.com In article <4s1fb8$dj@anorak.coverform.lan>, Brian Somers <brian@awfulhak.demon.co.uk> wrote: |Charles Mott (cmott@srv.net) wrote: |: My question is this: is it structurally possible for IP masquerading to be |: implemented within user PPP (not pppd)? If so, I would appreciate some | |I'm sort of responsible for this at the moment. I have mucked around with |a few "designs", and I think that you're probably right, iijppp is the best |place for it. I havn't examined all the pros & cons yet - I am still at the Noooooooo, please not there! ;-) If you do it, please put this into the TCP/IP stack. If you just put it into PPP, only users of that particular PPP flavor can use it. NAT is not only useful for PPP, but also for interfacing two LANs that use the same private IP space. You also incur extra overhead with NAT in PPP instead of the IP stack, since you need to compute the checksums again. Start with the source to ipfilter. It runs on many different Unix platforms and also does NAT. If you make the NAT in ipfilter better, you'll not only improve FreeBSD (WAN and LAN), but many other Unixen as well. |Anyway, if you're interrested in this, give me a shout via email. I have |a very limited amount of time (10 month old baby), so things are anoyingly Starting with ipfilter will save you time, too. It's NAT is very new (still has a few small bugs), but it runs pretty much right out of the box. I use it at home to connect my tiny LAN to work and to my ISP. It's also a much better firewall than IPFW. Well, at least *I* like it better. ;-) IP/filter: http://cheops.anu.edu.au/~avalon/ip-filter.html. - Tim Iverson iverson@cisco.com