Mailing List Archive


Re: tlug: It works!



On Fri, 9 Oct 1998, Jim Tittsler wrote:

> On Fri, Oct 09, 1998 at 12:35:10PM +0000, Darren Cook wrote:
> > Am I right in thinking those extra machines (eg. 192.168.1.2) can't do web
> > browsing, ftp, connect to a POP server, etc? So the only external machine
> > that can see them is the one with the two network cards?
> 
> With Linux's IP Masquerading, it (almost*) all works transparently.  The
> server keeps track of which of the private network machines made which
> request/connection, and automagically routes reply packets back to the
> appropriate private network host.  Things like web browsing, POP, IMAP,
> telnet, etc. all work transparently.  The private network host thinks it is
> talking directly to its destination host, but the masquerading host, acting
> as the gateway, is rewriting the addresses so it looks like the requests from
> the outside world are coming from it.
> 
> (*) It gets trickier with protocols like FTP that set up a connection on one
> port and then perform communications on another.  There are modules that
> understand many of the "interesting" protocols and will keep track of the
> necessary private connections.  There is a catch-all program that attempts
> to handle still other odd protocols that may not have a specific module to
> support them.

TL's kernel, the way I've built it, uses the TRANSPARENT_PROXY option, so
FTP works.  It also comes with masq modules for other things like Quake
and VDOLive, although I've never used them.  It's fast, too.  I've used it
with a 33.6k analog modem connection serving two machines, and they can
both browse the net at the same speed.

However, I strongly recommend NOT letting IP masq log all packets to
syslog, which you can do.  That can bump syslogd's CPU usage up over 90%
very fast, especially if you're exporting an X display across the IP masq
:)

> 
> > What I'm thinking is that when a web server on the net gets a request from
> > 192.168.1.2 how will it know where to send the reply to? Or am I
> > misunderstanding something (again :-)?
> 
> The server will have rewritten the address to its real address; when the
> reply comes back, it puts the private address of the requesting machine
> back.
> 
> IP Masquerade (and Network Address Translation, the larger category) info:
>   http://w3.clat.hi-tech.ac.jp/LDP/HOWTO/mini/IP-Masquerade.html
>   http://ipmasq.home.ml.org/
>   http://linas.org/linux/load.html

It's also installed by default on all TL and Red Hat machines (unless you
do a really stripped install) in /usr/doc/HOWTO/mini/IP-Masquerade.

Very well-written document, btw.  I read it once and was able to get it to
work on the first try.

--------------------------------------------------
Scott M. Stone <sstone@example.com, sstone@example.com>
               <sstone@example.com>
Head of TurboLinux Development/Systems Administrator
Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
http://www.pht.com		http://armadillo.pht.co.jp
http://www.pht.co.jp	        http://www.turbolinux.com


---------------------------------------------------------------
Next Meeting: 10 October, 12:30 Tokyo Station Yaesu central gate
Featuring the IMASY Eng. Team on "IPv6 - The Next Generation IP"
Next Nomikai: 20 November, 19:30  Tengu TokyoEkiMae 03-3275-3691
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp

