From owner-freebsd-questions Fri Sep 13 09:21:20 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA00385 for questions-outgoing; Fri, 13 Sep 1996 09:21:20 -0700 (PDT) Received: from al.imforei.apana.org.au (pjchilds@al.imforei.apana.org.au [202.12.89.41]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA00369 for ; Fri, 13 Sep 1996 09:21:04 -0700 (PDT) Received: (from pjchilds@localhost) by al.imforei.apana.org.au (8.7.5/8.7.3) id BAA08220; Sat, 14 Sep 1996 01:50:46 GMT Date: Sat, 14 Sep 1996 01:50:46 GMT From: Peter Childs Message-Id: <199609140150.BAA08220@al.imforei.apana.org.au> To: ricky@jsys.mozcom.com, freebsd-questions@freebsd.org Subject: Re: IP Address Spoofing X-Newsreader: TIN [version 1.2 PL2] Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <199609120601.OAA00521@jsys> you wrote: : Hello, co-FreeBSD users... Gday! : We are now installing an Internet and LAN environment in our office. We are using FreeBSD as our Internet server and at the same time as a router. Our provider assigned one IP address for our PPP serial port and we are planning to use the imaginary network 10.x.x.x for our Internal LAN. I read from the Linux book the term "spoofing" which do some proxying for the Internal IP address (10.x.x.x) to be recognized in the Internet. Does FreeBSD have such capabilities ? Please tell us the procedures and important things to configure the FreeBSD for "spoofing" if FreeBSD have ? : Please reply immediately so that our client PC's can have an access to the Internet. Well there are several ways to do this, depending on what you require and mean by access to the internet. The options you have depend on what you actually want to do... 1. Install the IPFilter package and enable NAT (network address translation). This "package" is not available _with_ freebsd by default, and is not the for the faint of heart (ie. you better know something about IP, firewalls, packet filtering, kernel compiling, hacking etc) This will provide you with the "ip spoofing" by translating internal addresses to appear if they came from the single ip on your server. 2. Install some sort of proxy'ing service on your server.. pretty easy and will allow proxy'd access to most resource on the internet... options are... . Squid (in /usr/ports/www/squid) is a cache and proxy that allows caching/proxy'ing of http/ftp/gopher/wais requests. . Socks (in /usr/ports/net/socks?) is a socks server, that lets you use applications that support socks to be proxied through your server. Depending on your exact requirements, and level of expertise, i'd pick from the above... Peter -- Peter Childs --- http://www.imforei.apana.org.au/~pjchilds Finger pjchilds@al.imforei.apana.org.au for public PGP key Drag me, drop me, treat me like an object!