From owner-freebsd-stable  Mon Dec 16 14:58:58 1996
Return-Path: <owner-stable>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id OAA11556
          for stable-outgoing; Mon, 16 Dec 1996 14:58:58 -0800 (PST)
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA11542;
          Mon, 16 Dec 1996 14:58:46 -0800 (PST)
Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.8.2/8.8.2) with SMTP id OAA06326; Mon, 16 Dec 1996 14:53:38 -0800 (PST)
Message-ID: <32B5D2C4.41C67EA6@whistle.com>
Date: Mon, 16 Dec 1996 14:52:52 -0800
From: Julian Elischer <julian@whistle.com>
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386)
MIME-Version: 1.0
To: Charles Owens <owensc@enc.edu>
CC: Gary Roberts <wangel@wgrobez1.remote.louisville.edu>,
        DNEX <dnex@access.digex.net>, current@freebsd.org, stable@freebsd.org
Subject: Re: IP masquerading (for a LAN, _not_ PPP)
References: <Pine.FBS.3.93.961216160041.11672I-100000@dingo.its.enc.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-stable@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Charles Owens wrote:
> 
> On Sun, 8 Dec 1996, Gary Roberts wrote:
> 
> > On Sun, 8 Dec 1996, DNEX wrote:
> >
> > > Does FreeBSD support IP masquerading or are there plans to implement it?
> > >
> >
> > Yes.  It does.  Charles Mott.  Nice piece of software.  Anyways, it's not
> > a program like linux uses, it uses the PPP program.  Check it out at:
> >
> > http://www.srv.net/~cmott/alias.html
> 
> This looks nifty, but I'm interested in doing masquerading on a firewall
> for users on a large LAN, not dialing in via PPP.  What's the status of
> doing _this_ with FreeBSD?
FreeBSD 2.2 includes the feature "DIVERT SOCKETS"
these can be used in conjunction with the ipfw code to
create a translation feature. 

Use the 'divert' keyword with the Ipfw to divert a packet to 
a 'divert socket' that is openned by the translation daemon.
the daemon monitors incoming packets and 'fiddles' the headers
accordingly.
It also dynamically changes the firewall rules depending on
the sessions being translated.

We have that runing here but unfortunatly, while we were able to
give the divert code out, we can'r give out the daemon..


julian


> 
> ---
> -