From owner-freebsd-questions Mon May 20 21:02:08 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id VAA20029 for questions-outgoing; Mon, 20 May 1996 21:02:08 -0700 (PDT)
Received: from mistery.mcafee.com (jimd@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id VAA20018 for ; Mon, 20 May 1996 21:02:05 -0700 (PDT)
Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id VAA07076; Mon, 20 May 1996 21:14:29 -0700
From: Jim Dennis
Message-Id: <199605210414.VAA07076@mistery.mcafee.com>
Subject: Re: ip masquerading
To: ejs@bfd.com (Eric J. Schwertfeger)
Date: Mon, 20 May 1996 21:14:29 -0700 (PDT)
Cc: terry@lambert.org, archie@whistle.com, dwhite@riley-net170-164.uoregon.edu, clintm@ICSI.Net, FreeBSD-Questions@freebsd.org
In-Reply-To: from "Eric J. Schwertfeger" at May 18, 96 11:07:09 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> On Fri, 17 May 1996, Terry Lambert wrote:
> > Which is to say, you turn on IP forwarding by default (which is illegal)
> > and rewrite the packet source headers on the way in and out (which is
> > also illegal).
>
> > Writing a socks client that hooks to a tunnel driver on the machine
> > that needs the masquerading is a better solution, and it doesn't
> > require kernel hacks to get there (or source hacks for statically
> > linked binaries, like normal socks does). And it does it without
> > violating the world.
> >
> > I guess you would need to write a tunnel client daemon (instead of
> > putting in about twice as much work to write IP masquerading, as
> > well as dragging the poor kernel into the mess).
> >
> > Seems like that would provide the same capability for less effort
> > with fewer drawbacks -- but would require an OS (like FreeBSD) with
> > tunnel drivers to make it work.
>
> And as I've said before, Sorry, I don't have the source to Win95, so I
> can't do that. I agree that masquerading isn't a fix-all, or even the
> preferred method of handling this, but until Socks5 is to the point that
> it can "socksify" programs that I don't have source for, without
> interfering with regular operations, and do this under OS/2, Windows
> 3.X, NT, and Win95, then my choice is to run Linux on our firewall and
> use masquerading, or to spend a few weeks of time that I haven't got
> figuring out how to proxy a bunch of non-standard services for apps that
> I haven't got source for.

Win 95's native TCP/IP configuration dialogs include a field for
"proxy" (much like the configuration dialogs of Netscape and
QVTNet's Telnet and FTP clients).

I suspect that Win '95 can talk to a SOCKS gateway. If anyone
knows for sure (either way) please speak up. If it is SOCKS
compliant then all one should have to do is fill in the dialog
and any of the Win '95 included applets should work "out of the box."
(well, work as well as they do with a "real" IP address anyway).

Jim Dennis,
System Administrator,
McAfee Associates