Renamed to README.nat

1 files changed, 0 insertions, 352 deletions

diff --git a/usr.sbin/ppp/README.alias b/usr.sbin/ppp/README.alias
deleted file mode 100644
index 5d29773..0000000
--- a/usr.sbin/ppp/README.alias
+++ /dev/null
@@ -1,352 +0,0 @@
-User PPP Packet Aliasing
-
-
-
-0. Contents
-    1. Background
-    2. Setup
-    3. New commands in ppp
-    4. Future Work
-    5. Authors / Acknowledgements
-    6. Revision History for Aliasing Code
-
-
-
-1. Background
-
-User mode ppp has embedded packet aliasing (IP masquerading) code.
-Enabling this, either by the "-alias" command line option or the
-"alias enable yes" command in a ppp.conf file, makes the ppp host
-automatically alias IP packets forwarded from a local network, making
-them appear to come from the ppp host machine.  Incoming packets
-from the outside world are then appropriately de-aliased.
-
-The process of aliasing involves both the IP address and the TCP or UDP
-port numbers. ICMP echo and timestamp packets are aliased by their id
-numbers.  ICMP error messages can be properly directed by examining the
-fragment of the offending packet which is contained in the body of the
-message.
-
-This software was specifically meant to support users who have
-unregistered, private address IP networks (e.g. 192.168.0.x or 10.0.0.x
-addresses).  The ppp host can act as a gateway for these networks, and
-computers on the local area net will have some degree of Internet access
-without the need for a registered IP address.  Additionally, there will
-be no need for an Internet service provider to maintain routing tables
-for the local area network.
-
-A disadvantage of packet aliasing is that machines on the local network,
-behind the ppp host, are not visible from the outside world.  They can
-establish TCP connections and make UDP inquiries (such as domain name
-service requests) but the connections seem to come from the ppp host
-itself.  There is, in effect, a partial firewall.  Of course, if this is
-what you want, the disadvantage becomes an advantage.
-
-A second disadvantage is that "IP encoding" protocols, which send IP
-address or port information within the data stream, are not supported
-for the cases where exception code exists.  This implementation has
-workarounds for FTP and IRC DCC, the most well known of the IP encoding
-protocols.  This frees users from depending on using the ftp passive
-mode and avoiding IRC DCC sends, as is sometimes the case with other
-masquerading solutions.
-
-The implementation supports all standard, non-encoding TCP and UDP protocols.
-Examples of these protocols are http, gopher and telnet. The standard UDP
-mode of Real-Audio is not presently supported, but the TCP mode does work
-correctly.
-
-The packet aliasing code also handle many ICMP messages.  In particular,
-ping and traceroute are supported.
-
-
-
-2. Packet Aliasing Setup
-
-It is recommended that users first verify correct ppp operation without
-packet aliasing enabled.  This will confirm that the ppp.conf file is
-properly set up and that there are no ppp problems. Then start ppp with
-the "-alias" option on the command line.  The user should verify that
-the ppp host can correctly connect to the Internet in packet aliasing
-mode.  Finally, check that machines on the private network can access
-the Internet.
-
-The masquerading software aliases all packets, whether they come from
-the host or another computer on the local area network.  Thus, a correctly
-operating ppp host indicates that the software should work properly for
-other computers on the private network.
-
-If the ppp host can access the Internet, but other computers on the local
-network cannot, check that IP forwarding is enabled on the ppp host. Also,
-verify that the other computers use this machine as a gateway.  Of course,
-you should also verify that machines within the local area network
-communicate properly.  A common error is inconsistent subnet addresses
-and masks.
-
-
-
-3. New commands in ppp
-
-In order to control aliasing behaviour in a simple manner (no need for
-recompilation), a new command has been added to ppp: alias.  This
-is in addition to the -alias command line option.  System managers and
-more experienced users may prefer to use the ppp command syntax
-within the ppp.conf file.  The alias command also allows packet aliasing
-behaviour to be more precisely specified.
-
-The decision to add a command instead of extending 'set' or 'option' was
-to make obvious that these options only work when aliasing is enabled.
-
-The syntax for 'alias' is
-
-    ppp>  alias option [yes|no]
-
-where option is given by one of the following templates.
-
-
- - alias enable [yes|no]  (default no)
-
-Enable packet aliasing functionality.  If disabled, no other alias
-options will have any effect.  You should usually enable aliasing
-before routing any packets over the link; good points are in the
-initial script or right before adding a route.  If you do not always
-want aliasing, consider using the -alias option to ppp instead of this
-command.
-
-
- - alias deny_incoming [yes|no] (default yes)
-
-Set to "yes" to disable all incoming connections.  This just drops
-connections to, for example, ftp, telnet or web servers.  The aliasing
-mechanism prevents these connections. Technically, this option denies
-all incoming TCP and UDP requests, making the aliasing software a
-fairly efficient one-way firewall.  The default is no, which will allow
-all incoming connections to telnetd, ftpd, etc.
-
-
- - alias log [yes|no]
-
-Controls logging of alias link creation to "/var/log/alias.log" - this
-is usually only useful if debugging a setup, to see if the bug is in
-the PPP aliasing.  The debugging information is fairly limited, listing
-the number of aliasing links open for different protocols.
-
-
- - alias same_ports [yes|no] (default yes)
-
-When a connection is being established going through the aliasing
-routines, it will normally have its port number changed to allow the
-aliasing code to track it.  If same_ports is enabled, the alias
-software attempts to keep the connection's source port unchanged.
-This will allow rsh, RPC and other specialised protocols to work
-_most of the time_, at least on the host machine.  Please, do not
-report this being unstable as a bug - it is a result of the way
-aliasing has to work. TCP/IP was intended to have one IP address
-per machine.
-
-
- - alias use_sockets [yes|no] (default yes)
-
-This is a fairly obscure option.  For the most part, the packet aliasing
-software does not have to allocate system sockets when it chooses an
-aliasing port number.  Under very specific circumstances, FTP data
-connections (which don't know the remote port number, though it is
-usually 20) and IRC DCC send (which doesn't know either the address or
-the port from which the connection will come), there can potentially be
-some interference with an open server socket having the same port number
-on the ppp host machine.  This possibility for interference only exists
-until the TCP connection has been acknowledged on both sides.  The safe
-option is yes, though fewer system resources are consumed by specifying
-no.
-
-
- - alias unregistered_only [yes|no] (default no)
-
-Packet aliasing normally remaps all packets coming from the local area
-network to the ppp host machine address.  Set this option to only map
-addresses from the following standard ranges for private, unregistered
-addresses:
-
-                10.0.0.0     ->   10.255.255.255
-                172.16.0.0   ->   172.31.255.255
-                192.168.0.0  ->   192.168.255.255  */
-
-In the instance that there is a subnet of public addresses and another
-subnet of private addresses being routed by the ppp host, then only the
-packets on the private subnet will be aliased.
-
-
-- alias port <proto> <local addr>:<port>  <alias port>
-
-This command allows incoming traffic to <alias port> on the host 
-machine to be redirected to a specific machine and port on the
-local area network.  One example of this would be:
-
-    alias port tcp 192.168.0.4:telnet  8066
-
-All traffic to port 8066 of the ppp host would then be sent to
-the telnet port (23) of machine 192.168.0.4.  Port numbers
-can either be designated numerically or by symbolic names
-listed in /etc/services.  Similarly, addresses can be either
-in dotted quad notation or in /etc/hosts.
-
-
-- alias addr <local addr> <public addr>
-
-This command allows traffic for a public IP address to be
-redirected to a machine on the local network.  This function
-is known as "static NAT".  An address assignment of 0 refers
-to the default address of the ppp host.  Normally static
-NAT is useful if your ISP has allocated a small block of
-IP addresses to the user, but it can even be used in the
-case of a single, dynamically allocated IP address:
-
-    alias addr 10.0.0.8 0
-
-The above command would redirect all incoming traffic to
-machine 10.0.0.8. 
-
-If several address aliases specify the same public address
-as follows
-
-    alias addr 192.168.0.2  public_addr
-    alias addr 192.168.0.3  public_addr
-    alias addr 192.168.0.4  public_addr
-
-then incoming traffic will be directed to the last
-translated local address (192.168.0.4), but outgoing
-traffic to the first two addresses will still be aliased
-to the specified public address.
-
-
-
-4. Future Work
-
-What is called packet aliasing here has been variously called masquerading,
-network address translation (NAT) and transparent proxying by others.  It
-is an extremely useful function to many users, but it is also necessarily
-imperfect.  The occasional IP-encoding protocols always need workarounds
-(hacks).  Users who are interested in supporting new IP-encoding protocols
-can follow the examples of alias_ftp.c and alias_irc.c.
-
-ICMP error messages are currently handled only in the incoming direction.
-A handler needs to be added to correctly alias outgoing error messages.
-
-IRC and FTP exception handling make reasonable, though not strictly correct
-assumptions, about how IP encoded messages will appear in the control
-stream.  Programmers may wish to consider how to make this process more
-robust.
-
-The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c, alias_irc.c
-and alias_util.c) runs in user space, and is intended to be both portable
-and reusable for interfaces other than ppp.  To access the basic engine
-only requires four simple function calls (initialisation, communication of
-host address, outgoing aliasing and incoming de-aliasing).
-
-
-
-5. Authors / Acknowledgements
-
-Charles Mott (cmott@srv.net)   <versions 1.0 - 1.8, 2.0, 2.1>
-Eivind Eklund (perhaps@yes.no) <versions 1.8b - 1.9, new ppp commands>
-
-Listed below, in chronological order, are individuals who have provided
-valuable comments and/or debugging assistance.
-
-    Gary Roberts
-    Tom Torrance
-    Reto Burkhalter
-    Martin Renters
-    Brian Somers
-    Paul Traina
-    Ari Suutari
-    J. Fortes
-    Andrzej Bialeki
-
-
-
-6. Revision History for Aliasing Code
-
-Version 1.0: August 11, 1996 (cjm)
-
-Version 1.1:  August 20, 1996  (cjm)
-    PPP host accepts incoming connections for ports 0 to 1023.
-
-Version 1.2:  September 7, 1996 (cjm)
-    Fragment handling error in alias_db.c corrected.
-
-Version 1.3: September 15, 1996 (cjm)
-    - Generalised mechanism for handling incoming connections
-      (no more 0 to 1023 restriction).
-    - Increased ICMP support (will handle traceroute now).
-    - Improved TCP close connection logic.
-
-Version 1.4: September 16, 1996
-    Can't remember (this version only lasted a day -- cjm).
-
-Version 1.5: September 17, 1996 (cjm)
-    Corrected error in handling incoming UDP packets
-    with zero checksum.
-
-Version 1.6: September 18, 1996
-    Simplified ICMP data storage.  Will now handle
-    tracert from Win95 as well as FreeBSD traceroute.
-
-Version 1.7: January 9, 1997 (cjm)
-    - Reduced malloc() activity for ICMP echo and 
-      timestamp requests.
-    - Added handling for out-of-order IP fragments.
-    - Switched to differential checksum computation
-      for IP headers (TCP, UDP and ICMP checksums
-      were already differential).
-    - Accepts FTP data connections from other than
-      port 20.  This allows one ftp connections
-      from two hosts which are both running packet
-      aliasing.
-
-Version 1.8: January 14, 1997 (cjm)
-    - Fixed data type error in function StartPoint()
-      in alias_db.c (this bug did not exist before v1.7)
-
-Version 1.8b: January 16, 1997 (Eivind Eklund <perhaps@yes.no>)
-    - Upgraded base PPP version to be the source code from
-      FreeBSD 2.1.6, with additional security patches.  This
-      version should still be possible to run on 2.1.5, though -
-      I've run it with a 2.1.5 kernel without problems.
-      (Update done with the permission of cjm)
-
-Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)
-    - Added support for IRC DCC (ee)
-    - Changed the aliasing routines to use ANSI style throughout -
-      minor API changes for integration with other programs than PPP (ee)
-    - Changed the build process, making all options switchable
-      from the Makefile (ee)
-    - Fixed minor security hole in alias_ftp.c for other applications
-      of the aliasing software.  Hole could _not_ manifest in
-      PPP+pktAlias, but could potentially manifest in other
-      applications of the aliasing. (ee)
-    - Connections initiated from packet aliasing host machine will
-      not have their port number aliased unless it conflicts with
-      an aliasing port already being used. (There is an option to
-      disable this for debugging) (cjm)
-    - Sockets will be allocated in cases where there might be
-      port interference with the host machine.  This can be disabled
-      in cases where the ppp host will be acting purely as a 
-      masquerading router and not generate any traffic of its own.
-      (cjm)
-
-Version 2.0: March, 1997 (cjm)
-    - Incoming packets which are not recognised by the packet
-      aliasing engine are now completely dropped in ip.c.
-    - Aliasing links are cleared when a host interface address
-      changes (due to re-dial and dynamic address allocation).
-    - PacketAliasPermanentLink() API added.
-    - Option for only aliasing private, unregistered IP addresses
-      added.
-    - Substantial rework to the aliasing lookup engine.
-
-Version 2.1: May, 1997 (cjm)
-    - Continuing rework to the aliasing lookup engine to support
-      multiple incoming addresses and static NAT.
-    - Now supports outgoing as well as incoming ICMP error messages/
-    - PPP commands to support address and port redirection.
-