Path: wins.uva.nl!sun4nl!EU.net!howland.erols.net!newsfeed.internetmci.com!in1.uu.net!208.195.160.144!bulb.garlic.com!fox.almaden.ibm.com!jcday.almaden.ibm.com!trall
From: trall@jcday.almaden.ibm.com (Tony Rall)
Newsgroups: comp.os.os2.networking.tcp-ip
Subject: Re: routing and gateways and ppp
Date: 11 Jul 1997 03:33:52 GMT
Organization: IBM Almaden Research Center
NN version 6.5.0 #5 (NOV)
Lines: 140
Message-ID: <5q49j0$fsq@fox.almaden.ibm.com>
References:
Reply-To: trall@almaden.ibm.com (Tony Rall)
NNTP-Posting-Host: jcday.almaden.ibm.com
Xref: wins.uva.nl comp.os.os2.networking.tcp-ip:75780

Connecting a Lan to the Internet via OS/2
Tony Rall, trall@almaden.ibm.com, 97/03/01

What has to be done to allow systems on my lan to talk to the Internet
via my one (typically dialup) ISP connection?

The following techniques have been used on OS/2 or other platforms to
accomplish this:

* routing
* proxy
* socks
* Network Address Translation
* IP masquerading

Options providing full Internet addresses for your clients:

Routing
-------
Routing capability is built into OS/2.  No additional software is
required.  But it does require the cooperation of your ISP.  Typically
they must assign you the subnet address that you use on the lan -
whether or not the dial connection uses dynamic addresses.  The ISP must
know to route packets to your lan addresses via your dial link.  Many
ISPs will charge extra for this capability (if they offer it at all).

Routing allows full TCP/IP access of the clients to the Internet.  It
also produces the least burden on the gateway machine.

Routing allows inbound connections.

* on your lan clients, simply default route to the lan interface of the
  OS/2 router
* the lan clients can use the same nameserver as used by the router
* the OS/2 router needs "ipgate on" in bin\setup.cmd

Options that don't expose your lan addresses on the Internet:

Proxy and Socks
---------------
With these, clients send TCP requests not to the destination, but to a
gateway machine.
The requests are encapsulated with control information that provides the
gateway the information it needs to forward the packet.  This gateway, a
proxy or socks server, removes the encapsulation and, using its own
address in the source field, forwards the packet.

Inbound connections are not supported (the local machines cannot act as
servers on the Internet).

Proxy and socks may require additional software on both the clients and
the OS/2 gateway machine (your system that connects to the ISP).  Proxy
typically is supported by individual applications; socks can be
supported by applications or the entire TCP stack can be socksified.
TCP/IP V4 includes a socksified IP stack; this means that any TCP
application you run will be socks enabled.

At this point only TCP applications can use socks (socks V4).  Other
protocols, such as the ICMP used by ping and the UDP used by name
resolution and a number of multimedia applications, will not travel via
the gateways (the IP stack will try to send them directly to the
destinations).  This means that UDP applications, such as CU-SeeMe,
between clients on your private lan and servers on the Internet will not
work.  It is possible that proxy support could be achieved for specific
UDP applications.  I know of none for OS/2.

For socks clients to translate Internet names, such as www.ibm.com, to
the addresses needed for communications, they will need a nameserver on
your lan that can resolve Internet addresses.  Usually that means your
gateway machine will have to run named.exe.  IBM sells an older DNS kit
that works on OS/2; there are also one or more public domain versions,
some of them may be of a more recent vintage.

With proxy, you aren't required to be able to resolve Internet names on
your lan.  The proxy gateway itself must be able to do this, but this
only requires the standard resolver (part of base TCP/IP), not a full
blown DNS server.

Your gateway machine will also have to run a proxy or socks server.
The IBM Internet Connection Server has a proxy.  There may also be
public domain or third party proxy and socks servers.  One socks server,
developed by Philippe Gillain of IBM, may be available at:

  http://hobbes.nmsu.edu/os2/network/tcpip/sockd.zip

For a good description about setting up socks for both clients and
servers see the following OS/2 e-Zine! article:

  http://www.haligonian.com/os2/v1n14/socks.htm

Network Address Translation
---------------------------
Your lan addresses, which may be private addresses (not assigned to you
by an official address distributor), are converted by the gateway to
other addresses which are known on the Internet.

There is no NAT support for OS/2 gateways - it is typically a feature on
commercial firewall systems.

Inbound connections are not supported (the local machines cannot act as
servers on the Internet).

IP Masquerading
---------------
This is a limited form of Network Address Translation; all lan addresses
are translated to the single Internet address of the gateway.  For
normal ISP customers, this is a feature, since they only have the single
real address.

OS/2 support for masquerading is in the third party In-Joy dialer:

  http://www.belle.dk/~bj/dialer.html

and, for CAPI ISDN, the ISDNPM package:

  http://www.leo.org/pub/comp/os/os2/leo/tcpip/slip-ppp

TCP and UDP applications are typically supported.

Inbound connections are not supported (the local machines cannot act as
servers on the Internet).

Summary
-------
                              Routing  Proxy  Socks  NAT    IP Masq.
                              -------  -----  -----  ---    --------
Software support required     no       yes    yes    no     no
  on local clients
Local addresses appear        yes      no     no     no     no
  externally
One Internet address per      yes      no     no     yes    no
  active client needed
Local machines can act as     yes      no     no     maybe  no
  servers on Internet
UDP supported                 yes      maybe  no*    yes    yes
DNS server req'd on gateway   no       no     yes    no     no

* UDP is not supported in socks V4 (which is the generally available
  version [in OS/2 Warp.
  Socks 5 does support UDP and is available for Unix and Windows but
  not yet for OS/2 -- JdL] ).

--
Tony Rall trall@almaden.ibm.com
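
The socks V4 encapsulation described under "Proxy and Socks", as an added example that is not part of the original post or of any OS/2 socks code: the client wraps the real destination in a CONNECT request and the gateway unwraps it. The request carries only a 4-byte IPv4 address, which is why socks clients need a nameserver of their own; the address 192.0.2.10 and the userid "alice" are constructed sample values.

```python
import ipaddress
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 90   # request granted
REPLY_REJECTED = 91  # request rejected or failed


def build_connect(dst_ip: str, dst_port: int, userid: bytes = b"") -> bytes:
    """Client side: wrap the real destination in a socks V4 CONNECT request.

    dst_ip must already be a dotted IPv4 address. The V4 request has no
    field for a host name, so the client has to resolve names first.
    """
    addr = ipaddress.IPv4Address(dst_ip)  # ValueError if given a host name
    if not 0 < dst_port < 65536:
        raise ValueError("port out of range")
    if b"\x00" in userid:
        raise ValueError("userid may not contain NUL")
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT,
                         dst_port, addr.packed)
    return header + userid + b"\x00"


def parse_request(data: bytes):
    """Gateway side: recover (ip, port, userid) from the control header."""
    if len(data) < 9:
        raise ValueError("short request")
    vn, cd, port, raw_ip = struct.unpack("!BBH4s", data[:8])
    if vn != SOCKS4_VERSION or cd != CMD_CONNECT:
        raise ValueError("not a socks V4 CONNECT")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("userid not terminated")
    return str(ipaddress.IPv4Address(raw_ip)), port, data[8:end]


def build_reply(granted: bool) -> bytes:
    """Gateway's 8-byte answer: VN is 0, port and address are ignored."""
    code = REPLY_GRANTED if granted else REPLY_REJECTED
    return struct.pack("!BBH4s", 0, code, 0, b"\x00" * 4)


if __name__ == "__main__":
    request = build_connect("192.0.2.10", 80, b"alice")  # constructed sample
    print(request.hex(), parse_request(request), build_reply(True).hex())
```

After a granted reply the gateway opens its own TCP connection to the parsed destination, so the remote server sees the gateway's address as the source.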