From owner-freebsd-questions Wed Jun 6 20:33:16 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
        by hub.freebsd.org (Postfix) with ESMTP id 7D86E37B407
        for ; Wed, 6 Jun 2001 20:33:12 -0700 (PDT)
        (envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
        by dan.emsphone.com (8.11.3/8.11.3) id f573XBZ12894;
        Wed, 6 Jun 2001 22:33:11 -0500 (CDT)
        (envelope-from dan)
Date: Wed, 6 Jun 2001 22:33:10 -0500
From: Dan Nelson
To: Doug Lee
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Shared IP, real-time packet editing, or best offer...?
Message-ID: <20010606223310.A28508@dan.emsphone.com>
References: <20010606222424.A4331@kirk.sector14.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010606222424.A4331@kirk.sector14.net>
User-Agent: Mutt/1.3.18i
X-OS: FreeBSD 5.0-CURRENT
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

In the last episode (Jun 06), Doug Lee said:
> I want to do something a bit beyond NAT:
>
> MSN Messenger's audio protocol and at least the IRC DCC protocols
> I've seen send a workstation's IP address inside the data section of
> a TCP packet. When the workstation's address is NATed and private,
> this translates to communication failure, since the unsuspecting
> machine at the other end has no way to route a packet back to the
> workstation.
>
> I can think of two possible solutions to this: (1) sharing the public
> IP such that the workstation believes it owns the address but really
> only owns the address on certain ports, or (2) editing packets as
> they go by and possibly triggering actions, such as firewall
> modification, based on data patterns in packets.

Option 2 has already been implemented for quite a few protocols and is
already used in /sbin/natd and /usr/sbin/ppp in the form of the "alias"
library. Take a look at /usr/src/lib/libalias and the libalias manpage.
It already handles IRC, and assuming you could figure out the protocol
for Messenger, adding new modules is pretty easy.

-- 
Dan Nelson
dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
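
The payload editing discussed in this thread, shown for an IRC DCC offer as an added example; it is not part of the original message and is not libalias code. The function name `dcc_rewrite`, the sample addresses and the mapped port are assumptions, and the parser is narrowed to offers whose argument contains no spaces.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rewrite the address and port in a CTCP "DCC <type> <arg> <addr> <port> ..."
 * offer, where <addr> is the sender's IPv4 address as a decimal integer.
 * Returns 1 if rewritten, 0 if the payload was copied unchanged.
 * *delta receives the change in payload length. */
int dcc_rewrite(const char *in, char *out, size_t outsz, uint32_t priv_addr,
                uint32_t pub_addr, unsigned pub_port, int *delta)
{
    char type[16], arg[128];
    unsigned long addr;
    unsigned port;
    int used = 0, n;
    const char *p = strstr(in, "\001DCC ");

    *delta = 0;
    /* Rewrite only when the embedded address is the private source address of
     * this connection, so a client cannot request a mapping for another host. */
    if (p == NULL ||
        sscanf(p, "\001DCC %15s %127s %lu %u%n", type, arg, &addr, &port, &used) != 4 ||
        addr != priv_addr || port == 0 || port > 65535) {
        snprintf(out, outsz, "%s", in);
        return 0;
    }
    n = snprintf(out, outsz, "%.*s\001DCC %s %s %lu %u%s", (int)(p - in), in,
                 type, arg, (unsigned long)pub_addr, pub_port, p + used);
    if (n < 0 || (size_t)n >= outsz) {      /* no room: leave packet as is */
        snprintf(out, outsz, "%s", in);
        return 0;
    }
    /* A non-zero delta shifts every later byte of the TCP stream, so the NAT
     * must also adjust sequence and acknowledgement numbers from here on. */
    *delta = n - (int)strlen(in);
    return 1;
}

int main(void)
{
    /* Constructed sample: 192.168.1.10 offers a file on port 5000. */
    const char *pkt = "PRIVMSG bob :\001DCC SEND notes.txt 3232235786 5000 1024\001\r\n";
    char out[256];
    int delta;

    /* 3405803781 = 203.0.113.5 (documentation range), 40001 = mapped port. */
    int ok = dcc_rewrite(pkt, out, sizeof out, 3232235786u, 3405803781u, 40001, &delta);
    printf("rewritten=%d delta=%d\n%s", ok, delta, out);
    return 0;
}
```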