Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!solace!eru.mt.luth.se!bloom-beacon.mit.edu!news.mathworks.com!enews.sgi.com!decwrl!usenet.cisco.com!iverson
From: iverson@cisco.com (Tim Iverson)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IP Masqerading?
Date: 15 Aug 1996 23:53:20 GMT
Organization: cisco
Lines: 39
Message-ID: <4v0d9g$si5@cronkite.cisco.com>
References: <jfortes-1307951117380001@10.0.2.15> <4un1qu$kp9@jupiter.dnai.com> <Pine.BSI.3.94.960814191714.10347A-100000@spyder.inna.net>
NNTP-Posting-Host: rottweiler.cisco.com

In article <Pine.BSI.3.94.960814191714.10347A-100000@spyder.inna.net>,
Jamie Bowden <jamie@inna.net> wrote:
|On 12 Aug 1996, Karl Wiebe wrote:
|> jfortes@jaguar.saturn.net (Jonathan A. Fortes) wrote:
|> >Has IP masquerading ever been implemented in FreeBSD?
|> Darren Reed's IPFilter and you can have NAT ( == IP Masquerading ).
|> http://cheops.anu.edu.au/~avalon/ip-filter.html
|
|Talk about doing it the hard way. Just man ifconfig. It's built in.
|
|Jamie Bowden
|Network Administrator, TBI Ltd.

No, it's not. You can do aliasing via ifconfig, but not NAT. Network
Address Translation allows you to map an entire *network* to a different
set of IP addresses; e.g. suppose your internal LAN uses 10.10.10.0, using
NAT, you can map these internal addresses from 10.10.10.0/24 to, say,
204.16.18.0/24, which has been granted to you by your ISP. Folks from
outside your network would see your systems as being on 204.16.18.0/24,
not 10.10.10.0/24.

Of even more interest to many folks is the ability to map many internal
IPs to just one external IP. I do this, and it saves me several hundred
dollars a month compared to renting a block of IPs from my ISP.

The reason NAT often spawns religious diatribes is that blind NAT doesn't
work very well -- it breaks protocols that embed IP addresses inside the
payload. To do a really good job, your NAT code must understand which
protocols do this and handle them appropriately.

Some overly prissy engineers balk at lifting a packet's skirts and playing
with what you find underneath, "packets should remain pristine", they say.
Ha! All ya gotta do is ask nice and apply a little finesse and the packet
will be yours. And, what you do with your packet in private is absolutely
none of their concern ... ;-)

- Tim Iverson
  iverson@lionheart.com
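
Added example (not part of Tim Iverson's post and not IPFilter code): a Python sketch of the 1:1 prefix mapping described above, showing how a blind translation leaves the inside address in the payload while a protocol-aware one rewrites it. FTP's PORT command as the embedded-address protocol, the dict standing in for a packet, and the host and port values are assumptions chosen for illustration.

```python
import ipaddress
import re

# Prefixes are the ones used in the post; everything else is constructed.
INSIDE = ipaddress.ip_network("10.10.10.0/24")
OUTSIDE = ipaddress.ip_network("204.16.18.0/24")
# Constructed sample: an inside FTP client announcing its data address.
SAMPLE = {"src": "10.10.10.5", "dst": "198.51.100.7", "dport": 21,
          "payload": b"PORT 10,10,10,5,19,137\r\n"}
PORT_RE = re.compile(rb"^PORT (\d{1,3}(?:,\d{1,3}){3}),(\d{1,3}),(\d{1,3})\r\n$")

def map_addr(addr, src_net=INSIDE, dst_net=OUTSIDE):
    """Static 1:1 prefix NAT: keep the host bits, swap the network bits."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)                      # not an inside host: untouched
    host_bits = int(ip) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))

def fix_ftp_port(payload):
    """Rewrite the address embedded in an FTP PORT command."""
    m = PORT_RE.match(payload)
    if not m:
        return payload                      # not a PORT command
    try:
        mapped = map_addr(m.group(1).replace(b",", b".").decode())
    except ValueError:
        return payload                      # malformed octet: pass through
    return (b"PORT " + mapped.replace(".", ",").encode()
            + b"," + m.group(2) + b"," + m.group(3) + b"\r\n")

def translate(packet, payload_aware):
    """Translate an outbound packet; blind mode touches the header only."""
    out = dict(packet, src=map_addr(packet["src"]))
    if payload_aware and packet["dport"] == 21:
        out["payload"] = fix_ftp_port(packet["payload"])
    return out

if __name__ == "__main__":
    for aware in (False, True):
        print("aware" if aware else "blind", translate(SAMPLE, aware))
```

The rewritten command is one byte longer than the original, so a real translator also has to recompute checksums and offset the TCP sequence and acknowledgement numbers for the rest of the connection.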