Date: Mon, 20 May 1996 21:14:29 -0700 (PDT) From: Jim Dennis <jimd@mistery.mcafee.com> To: ejs@bfd.com (Eric J. Schwertfeger) Cc: terry@lambert.org, archie@whistle.com, dwhite@riley-net170-164.uoregon.edu, clintm@ICSI.Net, FreeBSD-Questions@freebsd.org Subject: Re: ip masquerading Message-ID: <199605210414.VAA07076@mistery.mcafee.com> In-Reply-To: <Pine.BSF.3.91.960518105811.17730A-100000@harlie.bfd.com> from "Eric J. Schwertfeger" at May 18, 96 11:07:09 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > On Fri, 17 May 1996, Terry Lambert wrote: > > Which is to say, you turn on IP forwarding by default (which is illegal) > > and rewrite the packet source headers on the way in and out (which is > > also illegal). > > > Writing a socks client that hooks to a tunnel driver on the machine > > that needs the masquerading is a better solution, and it doesn't > > require kernel hacks to get there (or source hacks for statically > > linked binaries, like normal socks does). And it does it without > > violating the world. > > > > I guess you would need to write a tunnel client daemon (instead of > > putting in about twice as much work to write IP masquerading, as > > well as dragging the poor kernel into the mess). > > > > Seems like that would provide the same capability for less effort > > with fewer drabacks -- but would require an OS (like FreeBSD) with > > tunnel drivers to make it work. > > And as I've said before, Sorry, I don't have the source to Win95, so I > can't do that. I agree that masquerading isn't a fix-all, or even the > prefered method of handling this, but until Socks5 is to the point that > it can "socksify" programs that I don't have source for, without > interferring with regular operations, and do this under OS/2, Windows > 3.X, NT, and Win95, then my choice is to run linux on our firewall and > use masquerading, or to spend a few weeks of time that I haven't got > figuring out how to proxy a bunch of non-standard services for apps that > I haven't got source for. Win 95's native TCP/IP configuration dialogs include a field for "proxy" (much like the configuration dialogs of Netscape and QVTNet's Telnet and FTP clients). I suspect that Win '95 can talk to a SOCKS gateway. If anyone knows for sure (either way) please speak up. If it is SOCKS compliant than all one should have to do is fill in the dialog and any of the Win '95 included applets should work "out of the box." (well, work as well as they do with a "real" IP address anyway). Jim Dennis, System Administrator, McAfee Associates
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605210414.VAA07076>