From owner-freebsd-questions Sat Oct 26 16:39:38 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA22939 for questions-outgoing; Sat, 26 Oct 1996 16:39:38 -0700 (PDT) Received: from phoenix.volant.org (root@phoenix.volant.org [205.179.79.193]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA22930; Sat, 26 Oct 1996 16:39:32 -0700 (PDT) From: patl@asimov.volant.org Received: from asimov.volant.org (asimov.phoenix.volant.org [205.179.79.65]) by phoenix.volant.org (8.7.5/8.7.3) with SMTP id QAA23202; Sat, 26 Oct 1996 16:37:00 -0700 (PDT) Received: by asimov.volant.org (5.x/SMI-SVR4) id AA07687; Sat, 26 Oct 1996 16:40:48 -0700 Date: Sat, 26 Oct 1996 16:40:48 -0700 Message-Id: <9610262340.AA07687@asimov.volant.org> To: freebsd-questions@freefall.freebsd.org, ponds!lakes.water.net!rivers@freefall.freebsd.org, ponds!rivers@dg-rtp.dg.com Subject: Re: IP-masquerading for private networks. Reply-To: patl@Phoenix.volant.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Md5: prPOUdrw3XpiN7Ad0+cnIg== Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk |> ... |> I know this has been discussed/hinted at in the past. But, I'm |> hoping to get a real solid answer. |> |> I have one machine, which is, at times, connected to two networks. |> 1) My work network (a private network itself), and 2) my ISP. |> |> This machine is my primary gateway to the rest of "the world". |> [news/mail hub, etc...] |> |> Connected to this machine, via a small ethernet - are the remainder |> of the machines in my host - Win95 boxes, a couple other FreeBSD boxes, |> |> All of the machines in the house are on the 10.0.0.x private network. |> |> I'd like to have unfettered internet access to the world at-large. |> [Right now, I log onto the mail server, run a shell script to do |> the slattach and telnet/ftp from there.] |> |> I've seen some solutions: |> ... The best way to handle this is to obtain a real IP network number from your ISP so that you can set up a real gateway. [ If you search the mail archives on www.freebsd.org you should find a message from one of the protocol experts explaining why IP masquerading cannot possibly be done and still maintain full standards compliance. ] But there is also another factor you should consider. If your ISP won't assign you a network and route to you because you have an individual user account; then connecting an entire network via that account could probably be construed as theft of services. (Read your contract with them and their acceptable use policy -very- carefully.) -Pat My opinions are my own. For a small royalty, they can be yours as well... Pat Lashley, Senior Software Engineer, Henry Davis Consulting patl@Phoenix.Volant.ORG http://Phoenix.Volant.ORG/ PGP Key Fingerprint: 2C 2A A9 8E 86 F1 AE 17 55 9D 49 31 5B 96 E7 92