-----Original Message-----
                From:   Stephanie Wehner [mailto:[EMAIL PROTECTED]]
                Sent:   Thursday, September 24, 1998 6:53 PM
                To:     [EMAIL PROTECTED]
                Subject:        Re: Source address hiding

                > I have just started experimenting with SKIP in hopes of building a
                > secure tunnel between LANs.
                > I have a question about the source address hiding feature: Is there
                > any functionality to source address hiding besides hiding the source
                > address from prying eyes? What I'm trying to get at is whether source
                > address hiding is required for any particular feature of SKIP to work.

                I assume you mean with src address hiding that the packet going from
                tunnel_end_1 to tunnel_end_2 does not carry the src address of the
                original packet. This is sometimes absolutely necessary in order to
                have a tunnel since the original src address might get filtered
                sometime in between.
                Say if you'd route a couple of IPs over the tunnel, packets coming
                with a src address of those IPs will probably be filtered by a third
                party and will thus never reach the other end of the tunnel.
                I made a patch for that some longer time ago, it's in the patch for
                skip in the FreeBSD ports collection. Or you can get it separately
                from ftp.r4k.net/pub/skip/.

                Thanks, you answered my question clearly.

                With that cleared up I'd like to ask a question about using SKIP with
                FreeBSD NAT.
                I've read postings about SKIP and NAT but have yet to find one that
                answers my question:

                Can SKIP and NATD work together to provide internet access to private
                LANs/WANs?

                I have successfully used NATD on FreeBSD to provide internet access to
                private LANs where the FreeBSD was directly connected to the internet
                and the private LAN.
                My new situation is different. We now have a company WAN with private
                LANs behind routers like so:


                Private LAN <--> FreeBSD SKIP <--> Router <--> Company WAN <--> Router <--> FreeBSD SKIP <--> Internet

                If I don't use some sort of NAT on the SKIP machine just before the
                internet my packets get dropped, since they are private IP addresses.
                Ideally, I'd like the packets to get "unSKIP" before NAT is applied
                for outbound packets and vice versa for inbound.

                Before I actually try this I'd like to know if anyone has any
                experience/comments on this.

                Thank you,

                Michael Austin


                > Also, if anyone knows of some good docs on how to set up SKIP
                > tunneling between networks please point me in the right direction.

                Just read the docs that come with skip and some stuff in the mailing
                list archive.

                bye,
                Stephanie
                ----------------------------<> [EMAIL PROTECTED] <>-----------------<> FreeBSD <>---
                        "I had to hit him -- he was starting to make sense."
