Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 16 Dec 1996 14:52:52 -0800
From:      Julian Elischer <julian@whistle.com>
To:        Charles Owens <owensc@enc.edu>
Cc:        Gary Roberts <wangel@wgrobez1.remote.louisville.edu>, DNEX <dnex@access.digex.net>, current@freebsd.org, stable@freebsd.org
Subject:   Re: IP masquerading (for a LAN, _not_ PPP)
Message-ID:  <32B5D2C4.41C67EA6@whistle.com>
References:  <Pine.FBS.3.93.961216160041.11672I-100000@dingo.its.enc.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
Charles Owens wrote:
> 
> On Sun, 8 Dec 1996, Gary Roberts wrote:
> 
> > On Sun, 8 Dec 1996, DNEX wrote:
> >
> > > Does FreeBSD support IP masquerading or are there plans to implement it?
> > >
> >
> > Yes.  It does.  Charles Mott.  Nice piece of software.  Anyways, it's not
> > a program like linux uses, it uses the PPP program.  Check it out at:
> >
> > http://www.srv.net/~cmott/alias.html
> 
> This looks nifty, but I'm interested in doing masquerading on a firewall
> for users on a large LAN, not dialing in via PPP.  What's the status of
> doing _this_ with FreeBSD?
FreeBSD 2.2 includes the feature "DIVERT SOCKETS"
these can be used in conjunction with the ipfw code to
create a translation feature. 

Use the 'divert' keyword with the Ipfw to divert a packet to 
a 'divert socket' that is openned by the translation daemon.
the daemon monitors incoming packets and 'fiddles' the headers
accordingly.
It also dynamically changes the firewall rules depending on
the sessions being translated.

We have that runing here but unfortunatly, while we were able to
give the divert code out, we can'r give out the daemon..


julian


> 
> ---
> -



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32B5D2C4.41C67EA6>