[ale] IP Masquerading Question

Byron A Jeff byron at cc.gatech.edu
Sat Jan 26 23:00:34 EST 2002


> 
> I believe it works like this... I'm sure I'll be corrected if not.
> 
> As a packet arrives from your internal network to your linux box, it
> determines if it is addressed for this machine (i.e. the linux box), another
> internal machine on your subnet (which it ignores),

Actually this packet is never actually received.

> or for some outside
> machine (where it will do something with it).  The software will rewrite the
> packet placing the MAC address

The source IP changing is the important part. The MAC changing is a normal 
part of a packet moving from one network to another through a router.

> of the gateway NIC on the outgoing packet.
> It also changes the port number on the packet and makes an internal note to
> itself that when a packet comes back destined for that port, it is meant for
> the internal machine.  

Correct.

> 
> When a packet comes back, it will be addressed to the gateway NIC, but will
> have a port number for a service that does not exist on that box.  The
> ipmasq stuff recognizes this and rewrites the packet, sending it to your
> internal network.

Again rewriting the IP. 

> 
> 
> 
> -----Original Message-----
> From: bkruger at mindspring.com [mailto:bkruger at mindspring.com]
> Sent: Thursday, January 24, 2002 1:47 PM
> To: ale at ale.org
> Subject: [ale] IP Masquerading Question
> 
> 
> I was looking at installing Knology cable in my house.  One of their plans
> requires that you send them the MAC address of the NIC for access.

It's a lame security mechanism so that you can't directly connect multiple
machines to the cable modem through a hub/switch.

> 
> If this is the case, will IP masquerading for a small subnet "spoof" the MAC
> address for all outward packets to the MAC of the NIC attached to the cable
> modem?

In almost all cases IP masquerading (NAT) is a routing operation. You'll have
your internal network connected to one interface of the NAT box, and another
interface connected to the modem. All traffic out to the modem will have the
MAC address of the interface connected to the modem.

>  I've looked over some of the docs for IP Masquerading, but have not
> been able to confirm/deny this.  It is probably right under my nose....  

It's not mentioned because MAC addresses operate at a layer below IP and
therefore masquerading.

The important piece of information you need is knowing that Linux's ifconfig
command can reprogram the MAC address on almost every Ethernet card. So
this means that if you ever blow out the card connected to the modem,
you can replace it and set up the MAC address using the ifconfig command.
Very handy feature.

Masquerade away. 

BAJ

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
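
The rewriting discussed in this thread, as an added example that is not part of the original messages: a toy model of a two-interface masquerading box, showing that every outbound frame carries the external NIC's MAC while the source IP and port are rewritten and recorded for the return path. The class names, addresses, MACs and starting port are constructed for illustration.

```python
# Added illustration: toy IP masquerading (NAPT) on a two-NIC router; all values are constructed.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    sport: int
    dst_ip: str
    dport: int

class MasqRouter:
    def __init__(self, ext_mac, ext_ip, int_mac, modem_mac, first_port=61000):
        self.ext_mac, self.ext_ip = ext_mac, ext_ip
        self.int_mac, self.modem_mac = int_mac, modem_mac
        self.next_port = first_port
        self.out = {}    # (inside ip, inside port, remote ip, remote port) -> masq port
        self.back = {}   # (masq port, remote ip, remote port) -> (inside ip, port, mac)

    def outbound(self, f):
        """Frame from the inside network headed for an outside host."""
        key = (f.src_ip, f.sport, f.dst_ip, f.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, f.dst_ip, f.dport)] = (f.src_ip, f.sport, f.src_mac)
            self.next_port += 1
        # Routing puts the external NIC's MAC on the frame; masquerading rewrites source IP and port.
        return replace(f, src_mac=self.ext_mac, dst_mac=self.modem_mac,
                       src_ip=self.ext_ip, sport=self.out[key])

    def inbound(self, f):
        """Frame arriving on the external NIC; None means no mapping, so it is not forwarded."""
        hit = self.back.get((f.dport, f.src_ip, f.sport))
        if hit is None:
            return None
        ip, port, mac = hit
        return replace(f, src_mac=self.int_mac, dst_mac=mac, dst_ip=ip, dport=port)

def demo():
    r = MasqRouter("00:00:5e:00:53:01", "203.0.113.7", "00:00:5e:00:53:02", "00:00:5e:00:53:ff")
    a = r.outbound(Frame("00:00:5e:00:53:0a", r.int_mac, "192.168.1.10", 40000, "198.51.100.5", 80))
    b = r.outbound(Frame("00:00:5e:00:53:0b", r.int_mac, "192.168.1.11", 40000, "198.51.100.5", 80))
    reply = r.inbound(Frame(r.modem_mac, r.ext_mac, "198.51.100.5", 80, r.ext_ip, b.sport))
    stray = r.inbound(Frame(r.modem_mac, r.ext_mac, "198.51.100.9", 80, r.ext_ip, 61005))
    return a, b, reply, stray

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Both inside hosts leave with the same source MAC and source IP and differ only in the assigned port; the unsolicited frame with no table entry is not forwarded to the inside network.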





