Date: Sun, 13 Dec 1998 13:32:58 -0500 From: "Jim Flowers" <jflowers@ezo.net> To: <freebsd-questions@FreeBSD.ORG> Subject: SKIP behind NAT with single-homed skiphost Message-ID: <009401be26c7$025317e0$848266ce@crocus.ezo.net>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0091_01BE269D.19246890
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
In order to have a choice of routing my discontinuous local network =
(network 1) segment over the Internet to its parent (network 2) I want =
to use SKIP behind NAT to set up a tunnel. That way the local and =
parent networks can communicate through the tunnel (slow speed) but
hosts on the local network can access the Internet-at-large using NAT =
(high speed cable modem). The choice is made by simply changing the =
gateway of the workstation or by addressing network segments with static =
routes on network 1.
=20
Unfortunately, tunneling with SKIP from network to network using single =
interface skiphosts behind natd does not appear to be possible with the =
freebsd 2.2.7 port of natd. The problem is that a route must exist on =
network 2 to forward packets for network 1 to S2 for skip processing and =
there must be a route to direct the return packets from S2 to N1 ( S1 is =
unreachable from network 2) via the Internet. Unfortunately due to NAT, =
N1 is also the source address for all of the natded packets coming from =
network 1 so a loop would result on network 2.
=20
H1----+----N1----R1---------[Internet]------------R2----+----H2
S1----+ +----S2 =
(single homed)
| |
network 1 network 2
=20
One solution would be to patch natd.c (and associated program calls) to =
allow SKIP (protocol 57) in addition to TCP, UDP and ICMP and then pass =
all SKIP packets on to the S1 host for processing. CDP is simpler, as =
it is 1640/UDP packets and natd/divert will handle it, as is.
=20
This seems like a lot of effort and I don't like to use programs with =
local patches but the result is desireable. Have I missed an elegant =
(or clever ordinary) way to achieve this capability?
=20
Glad to hear your ideas.
=20
Thanks.
Jim Flowers <jflowers@ezo.net>
------=_NextPart_000_0091_01BE269D.19246890
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>
<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.2106.6"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>
<DIV><FONT color=3D#000000 size=3D2>In order to have a choice of routing =
my=20
discontinuous local network (network 1) segment over the Internet to its =
parent=20
(network 2) I want to use SKIP behind NAT to set up a tunnel. That =
way the=20
local and parent networks can communicate through the tunnel (slow =
speed)=20
but</FONT></DIV>
<DIV><FONT size=3D2>hosts on the local network can access the =
Internet-at-large=20
using NAT (high speed cable modem). The choice is made by simply =
changing=20
the gateway of the workstation or by addressing network segments with =
static=20
routes on network 1.</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>Unfortunately, tunneling with SKIP from network to =
network=20
using single interface skiphosts behind natd does not appear to be =
possible with=20
the freebsd 2.2.7 port of natd. The problem is that a route must =
exist on=20
network 2 to forward packets for network 1 to S2 for skip processing and =
there=20
must be a route to direct the return packets from S2 to N1 ( S1 is =
unreachable=20
from network 2) via the Internet. Unfortunately due to NAT, N1 is =
also the=20
source address for all of the natded packets coming from network 1 so a =
loop=20
would result on network 2.</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV> </DIV>
<DIV><FONT=20
size=3D2>H1----+----N1----R1---------[Internet]------------R2----+----H2<=
/FONT></DIV>
<DIV><FONT=20
size=3D2>S1----+ &nb=
sp; &nbs=
p;  =
; =
=20
+----S2 (single homed)</FONT></DIV>
<DIV><FONT size=3D2> =20
| =
&=
nbsp; &n=
bsp; &nb=
sp; =20
|</FONT></DIV>
<DIV><FONT size=3D2> network=20
1 =
&=
nbsp; &n=
bsp; =20
network 2</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>One solution would be to patch natd.c (and =
associated program=20
calls) to allow SKIP (protocol 57) in addition to TCP, UDP and ICMP and =
then=20
pass all SKIP packets on to the S1 host for processing. CDP is =
simpler, as=20
it is 1640/UDP packets and natd/divert will handle it, as =
is.</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>This seems like a lot of effort and I don't like to =
use=20
programs with local patches but the result is desireable. Have I =
missed an=20
elegant (or clever ordinary) way to achieve this =
capability?</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>Glad to hear your ideas.</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>Thanks.</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV></DIV>
<DIV><FONT color=3D#000000 size=3D2>Jim Flowers <<A=20
href=3D"mailto:jflowers@ezo.net">jflowers@ezo.net</A>></FONT></DIV></B=
ODY></HTML>
------=_NextPart_000_0091_01BE269D.19246890--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009401be26c7$025317e0$848266ce>