User PPP Packet Aliasing

0. Contents
    1. Background
    2. Setup
    3. Future Development


1. Background

User ppp has embedded packet aliasing (IP masquerading) code.
When this capability is enabled by the "-alias" command line
option, the ppp host will automatically alias IP packets forwarded
from a local network so that they appear to come from the ppp
host machine. Incoming packets from the outside world are then
appropriately de-aliased.

The process of aliasing involves the IP address as well as
TCP and UDP port numbers. ICMP packets can be aliased by either
their id or sequence numbers.

This software was specifically meant to support users who have
unregistered, private address IP networks (e.g. 192.168.0.x or
10.0.0.x addresses). The ppp host can act as a gateway for these
networks, and computers on the local area net will have some
degree of internet access without the need for a registered IP
address. Additionally, there will be no need for an internet
service provider to maintain routing tables for the local area
network.

A disadvantage of packet aliasing is that machines on the local
network, behind the ppp host, can establish TCP connections and
make UDP inquiries (such as domain name service requests), but these
machines, other than the ppp host itself, are not visible from
the outside world. There is, in effect, a partial firewall.

A second disadvantage is that "IP encoding" protocols, which send
IP address or port information within the data stream, are not
supported unless exception code has been put in place. A workaround
for ftp, which is the most well known of the IP encoding protocols,
has been developed in this implementation, so users do not have
to depend on using the ftp passive mode, as is sometimes the case
with other masquerading solutions.
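
The ftp workaround is needed because the PORT command carries the
client's private address and port inside the data stream. The C code
below is an added example of that rewrite, not code from this document
or from alias_ftp.c; the function name, the IP4 macro, the sample
addresses and the rule of translating only the sender's own address are
assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IP4(a, b, c, d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* Hypothetical helper (not from alias_ftp.c): rewrite "PORT h1,h2,h3,h4,p1,p2\r\n"
 * so it carries the alias address and port. Addresses are in host byte order.
 * Returns the new line length, or -1 if the line is malformed, names an
 * address other than the sending client's, or does not fit in out. */
int rewrite_ftp_port(const char *line, uint32_t client_addr, uint32_t alias_addr,
                     uint16_t alias_port, char *out, size_t outlen)
{
    unsigned f[6];
    const char *p;

    if (strncmp(line, "PORT ", 5) != 0)   /* upper-case form only, for brevity */
        return -1;
    p = line + 5;
    for (int i = 0; i < 6; i++) {         /* six decimal fields, one byte each */
        char *end;
        if (*p < '0' || *p > '9')
            return -1;
        unsigned long v = strtoul(p, &end, 10);
        if (v > 255 || end - p > 3 || *end != (i < 5 ? ',' : '\r'))
            return -1;
        f[i] = (unsigned)v;
        p = end + 1;
    }
    if (strcmp(p, "\n") != 0)
        return -1;
    /* Translate only an address that really is the sender's own. */
    if (IP4(f[0], f[1], f[2], f[3]) != client_addr)
        return -1;
    int n = snprintf(out, outlen, "PORT %u,%u,%u,%u,%u,%u\r\n",
                     (unsigned)(alias_addr >> 24), (unsigned)(alias_addr >> 16 & 255),
                     (unsigned)(alias_addr >> 8 & 255), (unsigned)(alias_addr & 255),
                     (unsigned)(alias_port >> 8), (unsigned)(alias_port & 255));
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char out[64];   /* constructed sample: client 192.168.0.5, data port 4*256+1 */
    int n = rewrite_ftp_port("PORT 192,168,0,5,4,1\r\n", IP4(192, 168, 0, 5),
                             IP4(203, 0, 113, 7), 30000, out, sizeof out);
    if (n > 0) printf("22 bytes -> %d bytes: %s", n, out);
    return 0;
}
```

In this constructed sample the rewritten line is three bytes longer
than the original (22 to 25), so the change is not confined to the
address fields.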

All standard, non-encoding TCP and UDP protocols are supported.
Examples of these protocols are http, gopher and telnet. The
standard UDP mode of RealAudio is not presently supported,
but the TCP mode does work correctly. IRC is reported by users
to work in some, but not all, modes.

The packet aliasing code also handles many ICMP messages. In
particular, ping and traceroute are supported.


2. Packet Aliasing Setup

It is recommended that correct ppp operation first be verified
without packet aliasing enabled. Then ppp can be started with
the "-alias" option in the command line. Correct network operation
of the ppp host in packet aliasing mode should then be verified.
Finally, machines on the private network should be checked to see
whether they can access the internet.

Since the masquerading software aliases all packets, whether
they come from the host or another computer on the local area
network, a correctly operating ppp host will indicate that the
software should work properly for other computers on the private
network.

If the ppp host can access the internet, but other computers on
the local network cannot do this, then it should be checked that
IP forwarding is enabled on the ppp host and that the other
computers use this machine as a gateway. Of course, proper
communications between machines within the local area network
should also be verified (do they use consistent subnet addresses
and masks?).


3. Future Development

What is called packet aliasing here has been variously called
masquerading, network address translation (NAT) and transparent
proxying by others. It is an extremely useful function to
many users, but it is also necessarily imperfect. Workarounds
(hacks) are always needed for the occasional IP-encoding
protocols.

The specific solution implemented here does not block off or
reserve any segment of TCP or UDP ports on the ppp host for use
by the masquerading function. No communication to the kernel
is needed in this matter. All packets are aliased, whether
they originate from the ppp host or other computers on the
local network. This is a central issue, and some programmers
may wish to handle this differently.

The packet aliasing engine (alias.c, alias_db.c, alias_ftp.c
and alias_util.c) runs in user space, and is intended to be
both portable and reusable for interfaces other than ppp. The
basic engine is accessed by four simple function calls
(initialization, communication of host address, outgoing
aliasing and incoming de-aliasing).

Limited IP fragment handling exists. Once the packet aliasing
software sees the header fragment of a packet, all other fragments
will be correctly forwarded. However, if the header fragment
does not come first, then some fragments will be lost.

Charles Mott (cmott@srv.net)
December 4, 1996