How to connect laptop and desktop w/NICs

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Apr 13 13:40:44 PDT 2003


On Sun, Apr 13, 2003 at 08:30:27PM +0100, Jonathon McKitrick wrote:
> On Sun, Apr 13, 2003 at 12:04:12PM -0400, taxman wrote:
> : On Sunday 13 April 2003 11:26 am, Wayne Pascoe wrote:
> : > On Sun, Apr 13, 2003 at 01:13:55PM +0100, Jonathon McKitrick wrote:
> : > > So far, so good.  I can ping each machine from the other, and reset these
> : > > settings on startup.
> : > >
> : > > However, the laptop (which I decided to make a client of the desktop, now
> : > > that I have a modem for the desktop) cannot ping past the gateway.  I
> : > > have the default router set to the desktop, but something else must be
> : > > wrong.
> : > >
> : > > Do I need to have inetd or natd running explicitly for this to work?
> : >
> : > Do you have
> : > gateway_enable="YES"
> : > in /etc/rc.conf ? If not you need to add this.
> : 
> : from rc.conf(5) it doesn't seem that gateway_enable starts natd.  Then what is 
> : the difference?
> : I'm a networking moron and in a similar situation as Jonathon, and I was 
> : wondering which options to use.
> 
> From what I have learned, and this may be the blind leading the blind, but
> the gateway simply forwards packets that are not addressed for that machine
> out to the net.  However, natd seems to allow them to be received back as
> well, since the IP address of the machine behind the gateway is privately
> assigned and unknown outside that network.

Well, ish.  Gatewaying allows a machine to receive a packet not
directly addressed to it on one interface, and forward it out of
another interface --- usually between different networks: hence the
machine becomes the gateway between the two networks.  Also known as
"routing" since the machine will choose the best next hop gateway to
forward the packet to in order to most effectively route it to the
destination.

The other sort of gatewaying is more commonly known as "bridging",
where each interface is on a different ethernet segment of the same
network.  In this case it's routing packets at the ethernet MAC level
rather than the IP level.  Bridging was a big deal back in the days of
10base2 coax network cables, but nowadays with twisted pair cabling
and modern switches which effectively bridge between each of their
network ports, about the only point of setting up a machine as a
bridge is so that you can use it for firewalling.

NAT, also known as masquerading (particularly in the Linux world) is a
response to the limited IPv4 address space available on the Internet.
Effectively it lets you hide a whole network behind one IP number.  It
does this by intercepting the packets as they go past and rewriting
the internal address and maybe port number before they go out onto the
internet.  It also keeps a record of what it has rewritten so that it
can detect the replies coming back to the outgoing packet and so
substitute back the original address.  This works perfectly for an
internal machine trying to connect outwards to a server on the
internet, but a priori there's no way for an external machine to know
where to address the packets in order to connect inwards without some
sort of hint from the command line flags.  

In principle with the advent of IPv6, NAT won't be necessary, as there
will be more than enough addresses for any conceivable use.
(According to my ISP, the standard allocation of a block of IPv6
addresses will be sufficient for about 10^24 machines...) However the
'one way valve' effect of a NAT gateway is a very handy feature in
securing a network, so NATing may not disappear that speedily.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
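To make the distinction in Matthew's reply concrete, here is a small Python model, added as an illustration and not taken from the thread or from FreeBSD's natd code. `choose_egress` does what a plain gateway (gateway_enable="YES") does: it looks the destination up in a routing table and picks an interface, without touching the addresses. `NatGateway` adds what natd does on top of that: rewrite the source of outgoing packets to the public address, remember the rewrite, and undo it on the matching reply, so an unsolicited inbound packet finds no entry and is dropped (the "one way valve"). The `redirect_port` method stands in for natd's -redirect_port flag, the kind of command line hint the reply mentions. All addresses, the interface names ed0/tun0, and the starting port 40000 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample topology: 192.168.1.0/24 is the private LAN behind the
# desktop, 203.0.113.5 is the desktop's public (modem) address, and hosts in
# 198.51.100.0/24 stand in for servers on the Internet.
PUBLIC_IP = "203.0.113.5"
# Hypothetical routing table: LAN via ed0, everything else via tun0.
ROUTES: List[Tuple[str, str]] = [("192.168.1.0/24", "ed0"), ("0.0.0.0/0", "tun0")]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


def choose_egress(dst_ip: str, routes: List[Tuple[str, str]]) -> Optional[str]:
    """Plain gatewaying: pick the interface whose route has the longest prefix
    matching the destination. Nothing in the packet is rewritten; it is just
    sent out of a different interface than it came in on."""
    dst = ipaddress.ip_address(dst_ip)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


class NatGateway:
    """Toy model of NAT (masquerading): outgoing packets get the public
    address and a fresh port, the mapping is remembered, and only replies
    that match a remembered mapping are translated back and let in."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # public port -> (internal ip, internal port, remote ip, remote port);
        # remote fields are None for a static redirect that accepts any peer.
        self.table: Dict[int, Tuple[str, int, Optional[str], Optional[int]]] = {}
        self.by_flow: Dict[Tuple[str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public address; reuse the mapping if this
        flow has already been seen so the whole connection shares one port."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.table[port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.by_flow[flow] = port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet back to the internal
        host, or return None (drop) when no mapping explains it."""
        entry = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None
        int_ip, int_port, remote_ip, remote_port = entry
        # A dynamic mapping only accepts replies from the host we talked to.
        if remote_ip is not None and (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port, pkt.payload)

    def redirect_port(self, internal_ip: str, internal_port: int, public_port: int) -> None:
        """Static mapping, the analogue of natd's -redirect_port: the only way an
        outside host can reach an internal service through the NAT."""
        self.table[public_port] = (internal_ip, internal_port, None, None)


if __name__ == "__main__":
    gw = NatGateway(PUBLIC_IP)
    out = gw.outbound(Packet("192.168.1.10", 51234, "198.51.100.80", 80, "GET /"))
    print("out via", choose_egress(out.dst_ip, ROUTES), "as", out)
    print("reply ->", gw.inbound(Packet("198.51.100.80", 80, PUBLIC_IP, out.src_port, "200 OK")))
    print("unsolicited ->", gw.inbound(Packet("198.51.100.99", 12345, PUBLIC_IP, 40001)))
```

Running it shows the laptop's packet leaving via tun0 with the public source address, the server's reply being handed back to 192.168.1.10:51234, and an unrelated inbound packet being dropped because no mapping exists for it.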