author | jkh <jkh@FreeBSD.org> | 1996-12-12 14:39:47 +0000 |
---|---|---|
committer | jkh <jkh@FreeBSD.org> | 1996-12-12 14:39:47 +0000 |
commit | e9d9f1a03faaebd237b178bafd1984ebdb7f10ce (patch) | |
tree | 34061737a5a78521d3b8272572be78e37e2e5ee3 /usr.sbin/ppp/README.alias | |
parent | ea690c232d51299477c23bce3db9b26729d4878e (diff) | |
The infamous IP aliasing code for ppp, modified to work as a runtime option
(otherwise ppp's behavior remains unchanged) and documented by myself,
Steve Sims, Nate Williams, Martin Renters and god-only-knows who else. :-)
Submitted by: nate
Obtained from: Charles Mott <cmott@srv.net>
Diffstat (limited to 'usr.sbin/ppp/README.alias')
-rw-r--r-- | usr.sbin/ppp/README.alias | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/usr.sbin/ppp/README.alias b/usr.sbin/ppp/README.alias new file mode 100644 index 0000000..51465f8 --- /dev/null +++ b/usr.sbin/ppp/README.alias 
@@ -0,0 +1,112 @@ +User PPP Packet Aliasing + +0. Contents + 1. Background + 2. Setup + 3. Future Development + + +1. Background + +User ppp has embedded packet aliasing (IP masquerading) code. +When this capability is enabled by the "-alias" command line +option, the ppp host will automatically alias IP packets forwarded +from a local network so that they appear to come from the ppp +host machine. Incoming packets from the outside world are then +appropriately de-aliased. + +The process of aliasing involves both the IP address as well as +TCP and UDP port numbers. ICMP packets can be aliased by either +their id or sequence numbers. + +This software was specifically meant to support users who have +unregistered, private address IP networks (e.g. 192.168.0.x or +10.0.0.x addresses). The ppp host can act as a gateway for these +networks, and computers on the local area net will have some +degree of internet access without the need for a registered IP +address. Additionally, there will be no need for an internet +service provider to maintain routing tables for the local area +network. + +A disadvantage of packet aliasing is that machines on the local +network, behind the ppp host, can establish tcp connections and +make udp inqiries (such as domain name service requests), but these +machines, other than the ppp host itself, are not visible from +the outside world. There is, in effect, a partial firewall. + +A second disadvantage is that "IP encoding" protocols, which send +IP address or port information within the data stream, are not +supported unless exception code has been put in place. A workaround +for ftp, which is the most well known of the IP encoding protocols, +has been developed in this implementation, so users do not have +to depend on using the ftp passive mode, as is sometimes the case +with other masquerading solutions. + +All standard, non-encoding TCP and UDP protocals are supported, +Examples of these protocols are http, gopher and telnet. 
The +standard UDP mode of RealAudio is not presently supported, +but the TCP mode does work correctly. IRC is reported by users +to work in some, but not all, modes. + +The packet aliasing code also handle many ICMP messages. In +particular, ping and traceroute are supported. + + + +2. Packet Aliasing Setup + +It is recommended that correct ppp operation first be verified +without packet aliasing enabled. Then ppp can be started with +the "-alias" option in the command line. Correct network operation +of the ppp host in packet aliasing mode should then be verified. +Finally, machines on the private network should be checked to see +whether they can access the internet. + +Since the masquerading software aliases all packets, whether +they come from the host or another computer on the local area +network, a correctly operating ppp host will indicate that the +software should work properly for other computers on the private +network. + +If the ppp host can access the internet, but other computers on +the local network cannot do this, then it should be checked that +IP forwarding is enabled on the ppp host and that the other +computers use this machine as a gateway. Of course, proper +communications between machines within the local area network +should also be verified (do they use consistent subnet addresses +and masks?). + + + +3. Future Development + +What is called packet aliasing here has been variously called +masquerading, network address translation (NAT) and transparent +proxying by others. It is an extremely useful function to +many users, but it is also necessarily imperfect. Workarounds +(hacks) are always needed for the occasional IP-encoding +protocols. + +The specific solution implemented here does not block off or +reserve any segment of TCP or UDP ports on the ppp host for use +by the masquerading function. No communication to the kernel +is needed in this matter. 
All packets are aliased, whether +they originate from the ppp host or other computers on the +local network. This is a central issue, and some programmers +may wish to handle this differently. + +The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c +and alias_util.c) runs in user space, and is intended to be +both portable and reusable for interfaces other than ppp. The +basic engine is accessed by four simple function calls +(initialization, communication of host address, outgoing +aliasing and incoming de-aliasing). + +Limited IP fragment handling exists. Once the packet aliasing +software sees the header fragment of a packet, all other fragments +will be correctly forwarded. However, if the header fragment +does not come first, then some fragments will be lost. + +Charles Mott (cmott@srv.net) +December 4, 1996 + |
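Review bot: In the Background section, the statements that machines behind the ppp host "are not visible from the outside world" and that there is "in effect, a partial firewall" should be qualified, because the ftp workaround described two paragraphs later exists precisely so that active-mode ftp works, which means the aliasing engine must accept an inbound data connection from the server and translate it to an internal host; the hidden hosts are therefore unreachable only for packets that match no alias entry, not filtered in any policy sense. Suggest rewording along the lines of "hosts behind the ppp host cannot be reached from outside except through translations created by their own outgoing traffic (including the ftp workaround), which is not a substitute for packet filtering." Two smaller items in the same hunk: the Contents list says "2. Setup" while the heading reads "2. Packet Aliasing Setup", and there are typos ("inqiries", "protocals", "also handle"). Finally, section 3 says the engine is accessed by four function calls but names none of them; listing the actual function names from alias.c would let anyone reusing the engine for another interface find the entry points, and the fragment limitation (out-of-order header fragment causes loss) deserves a sentence stating that such packets are dropped rather than forwarded untranslated.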