Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!vic.news.telstra.net!act.news.telstra.net!psgrain!iafrica.com!uct.ac.za!und.ac.za!peacenjoy.mikom.csir.co.za!news.uoregon.edu!arclight.uoregon.edu!enews.sgi.com!decwrl!usenet.cisco.com!iverson From: iverson@cisco.com (Tim Iverson) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: NAT / IP Masquerading Date: 16 Aug 1996 02:28:45 GMT Organization: cisco Lines: 21 Message-ID: <4v0mct$75t@cronkite.cisco.com> References: <320F7133.41A5@ase.telerate.com> <32127C57.7B4D268B@lambert.org> NNTP-Posting-Host: rottweiler.cisco.com In article <32127C57.7B4D268B@lambert.org>, Terry Lambert <terry@lambert.org> wrote: |Jim King wrote: |] I have an application where I'm thinking of using a FreeBSD box |] as a router to do NAT. This is very straightforward, I just ... |] I've tried running IP Filter on FreeBSD 2.1.5-RELEASE. It sometimes |] works, but today I'm getting a kernel panic every time I try to ping It works for me on 215R, but then I've hacked it bit. |I believe that ICMP datagrams would not normally be forwarded by |any type of "masquerading"... you would need real proxy services |(seee RFC-1919 where it talks about "...Transparent IP Proxies..."). Many NATs also do quite a bit of proxy work, usually ICMP and FTP as a minimum -- after all, a completely blind NAT isn't terribly useful. I can ftp, ping, and traceroute across my IP-Filter NAT'd network. - Tim Iverson iverson@lionheart.com