From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id 9F50423CF268 for <9fans@9fans.net>; Sun, 10 May 2020 14:04:42 -0400 (EDT) (envelope-from charles.forsyth@gmail.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id 12B7EB88D23; Sun, 10 May 2020 14:04:42 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1589133882; b=M9UgJIuEZrnPeUGU2jo4tAVUrO8TMVMHozn2oFlUmYzenT/IL4 9yS4GEiWETvDHuXtBHeEJrb5EpsVEy+d4EcRxViXGHdAqrTAwKvfzqwf50BIIqft lk1t4Obxh8MHl8QIPUIKaXqIXPVzMOdOalC7I5CjXGbfvDwuAwcRWf19N1rVT+rK wRU8oVJwxBBF037ZQSHLiT32D2eTqqy3Rsu3No8hT/Kud2GNPVFDmVhOq8q1JBy9 xgFO4NarAcs0sS+IjbzQnx8gOuX3QbbQhmAhxNF1jUK2jDyAYpF6nppyT0hnzsCH b0JsXVs+GrllJkDJ+j7y+QsLbqr1R3nj3ROg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=arcseal; t=1589133882; bh=LVyojcK8jKLfBp0kk8G4QB9RO1U9ZkZNmbnlvUUVrE0=; b=xuqBsG30RfUQ uWhMEsf9wxxRglJ7GI9quf1wzV6+2YZ+TQqHNWTcMK0An7eraYSPu/+Sl/c6Skc6 71Yyxnfxvn0W+xXlSXOj5V/qSzocS8ov3tLWuK7BhHXFxjIjm1+A3ZfzyR0+Kky0 0Bn8onhnA8m68jYq6FJfzjSiADc23S5lKH2Ukmoop02VW5wmlMx1q10pVpL/iodn RIoD6leVHeEHW07MeWZKJtiWouzAOEmS4E4wmb/vvHfQg0nV/FIlfpL/ww5iOehR MKbFUxOK8di3ZLi+l/4irVe3QCDRdCo3h0Kbh3ggt8Hm+PqQXDE3GLGABvyN4PN4 8H71xV/P7w== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); bimi=none (Domain is not BIMI enabled); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=VFk28EXp header.a=rsa-sha256 header.s=20161025 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.222.50 (mail-ua1-f50.google.com); spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-ua1-f50.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=Kd4m+/jO; x-ptr=pass smtp.helo=mail-ua1-f50.google.com policy.ptr=mail-ua1-f50.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt2.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt2.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); bimi=none (Domain is not BIMI enabled); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=VFk28EXp header.a=rsa-sha256 header.s=20161025 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.222.50 (mail-ua1-f50.google.com); spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-ua1-f50.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=Kd4m+/jO; x-ptr=pass smtp.helo=mail-ua1-f50.google.com policy.ptr=mail-ua1-f50.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt2.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt2.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgeduhedrkeehucetufdoteggodetrfdotffvucfrrh hofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfurfetoffk rfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpeggfhgjhfffkffuvf gtsegrtderredttdejnecuhfhrohhmpeevhhgrrhhlvghsucfhohhrshihthhhuceotghh rghrlhgvshdrfhhorhhshihthhesghhmrghilhdrtghomheqnecuggftrfgrthhtvghrnh epfeeftefhvefhveetjedthfeifeeiveehjeelvdegvedvgeelgfevtdelgfegieeknecu ffhomhgrihhnpehtohhpihgtsghogidrtghomhenucfkphepvddtledrkeehrddvvddvrd ehtdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpedvtdelrdek hedrvddvvddrhedtpdhhvghlohepmhgrihhlqdhurgduqdhfhedtrdhgohhoghhlvgdrtg homhdpmhgrihhlfhhrohhmpeeotghhrghrlhgvshdrfhhorhhshihthhesghhmrghilhdr tghomhequcfukfgkgfepkeejieef X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'charles.forsyth@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="charles.forsyth@gmail.com"; helo=mail-ua1-f50.google.com; client-ip=209.85.222.50 Received: from mail-ua1-f50.google.com (mail-ua1-f50.google.com [209.85.222.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Sun, 10 May 2020 14:04:42 -0400 (EDT) (envelope-from charles.forsyth@gmail.com) Received: by mail-ua1-f50.google.com with SMTP id 36so2561788uaf.9 for <9fans@9fans.net>; Sun, 10 May 2020 11:04:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=LVyojcK8jKLfBp0kk8G4QB9RO1U9ZkZNmbnlvUUVrE0=; b=VFk28EXp7TS+aa03WNOdX3rx30ox3hPFuqeMZ+Yqm9n72CpqoGMurjjgVQlQnwWXtF BKsJKMiF8e2VMnULGNomTascos2kkr0x2atjvJOuekchH3uXtu2RNDnIl25W9o3pTebc mFXZ2s5gEb0rymBrQ4GuHu4LtPfFsGM5s0bTMjjPOFPWXkYDUd1qAV+qmYe39SseVXxj 85vodmWDk9eXAnhH9XpeYPQcjGEjT9xr1QW04zV61sZgMZJoRme11wAzEKBdpxYhDj+k p7+CB9yhOMNV0o8aUFpG8B9UEAgXgrx8eFJu3tXwu3uZsINnjxeu9u1CeZGdqtuvOS64 I0jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=LVyojcK8jKLfBp0kk8G4QB9RO1U9ZkZNmbnlvUUVrE0=; b=Kd4m+/jOu5CKmmEfF9C4Qlv+RlWtfTKmvUPABfVnf/Y2+KScqyRJBHNjVKkh4rcHeN qSo0U7mgoJjKvKgMTMX1ofzdjgLj149q6SL0WZnRAf4lMwi9ts3Jt3z3XMcdiHdF4Afi 7X6ve7cRMSILP7qtaxWoQN1LoB2cAkbIRVIGOwxNOfJKGrRbS/P5epYGzGZIkkmeGNDO u9zXkl9qPLI/6qujE0l4FE2pJRN01r1+AxuUhupLaKBe/p1gJyvG4XPOHAF8AZOAPAU3 ayZlx95jum3oeYMgs7SynZ8MJAQU3IfGERlSVpB2TvlcbWDwIpgMLSgBzq849HJ1puzu XUjQ== X-Gm-Message-State: AGi0PuZMQHdlRdnyII04GBqViWznTxnExNH13qMJsc6j2qfNZLNOJzZa aCM9tHorXK+jrnF8kBc/3t0x4IF2mSQO3NkMsyKcTT5fJeI= X-Google-Smtp-Source: APiQypIn2e9Gu60Cf+4B7NIJ4/9llRBVPji3C1txy+XSBYmF19UjGqbiZiOMfffs3fW0acOCW804qPC5bxnxqDA7ie4= X-Received: by 2002:a9f:3e83:: with SMTP id x3mr8705641uai.128.1589133880415; Sun, 10 May 2020 11:04:40 -0700 (PDT) MIME-Version: 1.0 References: <1088262094.244310.1588956346600.ref@mail.yahoo.com> <1088262094.244310.1588956346600@mail.yahoo.com> In-Reply-To: From: Charles Forsyth Date: Sun, 10 May 2020 19:04:29 +0100 Message-ID: Subject: Re: [9fans] Firewall/NAT and importing outside interface To: 9fans <9fans@9fans.net> Content-Type: multipart/alternative; boundary="000000000000715b1505a54f1021" Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: bc02133a-92e8-11ea-b338-c367aec9cb00 --000000000000715b1505a54f1021 Content-Type: text/plain; charset="UTF-8" > > If one is running a mail server and has it inside their firewall and if > using one IP then t has to use NAT. Couldn't one presumeably use the setup > above and run a mail server on Plan 9 and bypass having to use NAT? And > also do the same thing for a web server? Yes, I do that. The example you quoted creates two independent IP stacks, starting with the default '#I0' IP stack on ether0, then adding a new IP stack '#I1' connected to ether1 (#l1). There is a separate TCP/IP, UDP/IP, ICMP etc for each stack. I also import /net from a Linux server via Inferno (on Linux) so I can send mail from a non-RBLd address. You can create several types of virtual interface ("medium") on the IP stack, connected to a user-mode process. See pkg and netdev in ip(3) I still have a router with NAT though for non-Plan 9 machines. I never got round to writing a NAT for Plan 9 (which could work in user mode). On Fri, May 8, 2020 at 7:55 PM Robert Sherwood wrote: > I love the idea of importing the external interface to get outside the > network. When I first read about this in Plan9, that's when the system > really "clicked" for me. > > On Fri, May 8, 2020 at 1:08 PM hiro <23hiro@gmail.com> wrote: > >> you can also have multiple ipstacks, working ipv6 and what have you. >> cinap fixed a bunch of stuff in this regard. >> >> it's much more like linux network namespaces now, no limits to your >> creativity... >> >> ------------------------------------------ >> 9fans: 9fans >> Permalink: >> https://9fans.topicbox.com/groups/9fans/Te43262c53bc71855-M9383be68c88caf7d73dc38d6 >> Delivery options: https://9fans.topicbox.com/groups/9fans/subscription >> > *9fans * / 9fans / see discussions > + participants > + delivery options > Permalink > > --000000000000715b1505a54f1021 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
If one is running a mail server and has it i= nside their firewall and if using one IP then t has to use NAT. Couldn'= t one presumeably use the setup above and run a mail server on Plan 9 and b= ypass having to use NAT?=C2=A0 And also do the same thing for a web server?=

Yes, I do that. The example you=C2= =A0quoted creates two independent IP stacks, starting with the default '= ;#I0' IP stack on ether0, then adding a new IP stack '#I1' conn= ected to ether1 (#l1).
There is a separate TCP/IP, UDP/IP, ICMP e= tc for each stack. I also import /net from a Linux server via Inferno (on L= inux) so I can send mail from a non-RBLd address.
You can create = several types of virtual interface ("medium") on the IP stack, co= nnected to a user-mode process. See pkg and netdev in ip(3)

<= /div>
=C2=A0 I still have a router with NAT though for non-Plan 9 machi= nes. I never got round to writing a NAT for Plan 9 (which could work in use= r mode).

On Fri, May 8, 2020 at 7:55 PM Robert Sherwood <robert.sherwood@gmail.com> wro= te:
I love the idea of importing the external interface to get outside the= network. When I first read about this in Plan9, that's when the system= really "clicked" for me.

On Fri, May 8, 2020 at 1:08 PM hiro = <23hiro@gmail.com<= /a>> wrote:
y= ou can also have multiple ipstacks, working ipv6 and what have you.
cinap fixed a bunch of stuff in this regard.

it's much more like linux network namespaces now, no limits to your
creativity...

------------------------------------------
9fans: 9fans
Permalink: https:= //9fans.topicbox.com/groups/9fans/Te43262c53bc71855-M9383be68c88caf7d73dc38= d6
Delivery options: https://9fans.topicbox.com/gro= ups/9fans/subscription
--000000000000715b1505a54f1021--