From owner-freebsd-questions Sun Dec 13 09:32:46 1998
From: "Jim Flowers" <jflowers@ezo.net>
Subject: SKIP behind NAT with single-homed skiphost
Date: Sun, 13 Dec 1998 13:32:58 -0500
Message-ID: <009401be26c7$025317e0$848266ce@crocus.ezo.net>
Sender: owner-freebsd-questions@FreeBSD.ORG

In order to have a choice of routing my discontinuous local network (network 1) segment over the Internet to its parent (network 2) I want to use SKIP behind NAT to set up a tunnel. That way the local and parent networks can communicate through the tunnel (slow speed) but hosts on the local network can access the Internet-at-large using NAT (high speed cable modem). The choice is made by simply changing the gateway of the workstation or by addressing network segments with static routes on network 1.
Unfortunately, tunneling with SKIP from network to network using single interface skiphosts behind natd does not appear to be possible with the FreeBSD 2.2.7 port of natd. The problem is that a route must exist on network 2 to forward packets for network 1 to S2 for SKIP processing and there must be a route to direct the return packets from S2 to N1 (S1 is unreachable from network 2) via the Internet. Unfortunately due to NAT, N1 is also the source address for all of the natded packets coming from network 1 so a loop would result on network 2.

H1----+----N1----R1---------[Internet]------------R2----+----H2
S1----+                                                 +----S2 (single homed)
      |                                                 |
   network 1                                        network 2

One solution would be to patch natd.c (and associated program calls) to allow SKIP (protocol 57) in addition to TCP, UDP and ICMP and then pass all SKIP packets on to the S1 host for processing. CDP is simpler, as it is 1640/UDP packets and natd/divert will handle it, as is.

This seems like a lot of effort and I don't like to use programs with local patches but the result is desirable. Have I missed an elegant (or clever ordinary) way to achieve this capability?

Glad to hear your ideas.

Thanks.

Jim Flowers <jflowers@ezo.net>
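The following is an added illustration, not code from the post, from natd or from FreeBSD, of the distinction the post draws: natd keys its translations on transport ports, so CDP on UDP/1640 can be passed through (and redirected inbound) as-is, while SKIP on IP protocol 57 carries no port for the NAT to key on and would need the extra handling the post describes. The toy NAT below is a simplified model of that behaviour; the addresses (10.0.0.2 for S1, 198.51.100.1 for N1, 203.0.113.9 for S2), the public port range and the static redirect (modelled loosely on natd's -redirect_port option) are constructed assumptions, and ICMP handling is omitted.

```python
"""Toy port-keyed NAT showing why UDP/1640 (CDP) translates but IP protocol 57
(SKIP) does not.  Added illustration, not natd's code; all data constructed."""
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SKIP = 6, 17, 57
CDP_PORT = 1640  # SKIP's certificate discovery protocol runs over UDP/1640


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_packet(src, dst, proto, payload=b"", sport=None, dport=None):
    """Minimal IPv4 datagram: 20-byte header, no options, checksums left zero.
    For TCP/UDP a bare 8-byte port header precedes the payload.  Constructed."""
    l4 = b""
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    body = l4 + payload
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                         proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return header + body


def parse_packet(pkt):
    """Return (src, dst, proto, ihl, sport, dport); ports are None for port-less protocols."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    sport = dport = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return bytes_to_ip(src), bytes_to_ip(dst), proto, ihl, sport, dport


def rewrite(pkt, ihl, src=None, dst=None, sport=None, dport=None):
    """Rewrite addresses/ports in place (checksums ignored in this model)."""
    out = bytearray(pkt)
    if src is not None:
        out[12:16] = ip_to_bytes(src)
    if dst is not None:
        out[16:20] = ip_to_bytes(dst)
    if sport is not None:
        out[ihl:ihl + 2] = struct.pack("!H", sport)
    if dport is not None:
        out[ihl + 2:ihl + 4] = struct.pack("!H", dport)
    return bytes(out)


class PortNat:
    """Translation table keyed on (protocol, port), TCP and UDP only (ICMP, which
    natd keys on the echo id, is left out).  Static inbound redirects stand in
    for natd's -redirect_port.  Assumed model, not natd's implementation."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # (proto, public_port) -> (inside_ip, inside_port)
        self.redirects = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def add_redirect(self, proto, public_port, inside_ip, inside_port):
        self.redirects[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """Inside -> Internet.  None when the protocol has no port to key on."""
        src, _, proto, ihl, sport, _ = parse_packet(pkt)
        if sport is None:
            return None  # e.g. SKIP, protocol 57: nothing to map the reply back with
        public_port = self.next_port
        self.next_port += 1
        self.table[(proto, public_port)] = (src, sport)
        return rewrite(pkt, ihl, src=self.public_ip, sport=public_port)

    def inbound(self, pkt):
        """Internet -> inside: dynamic table first, then static redirects."""
        _, dst, proto, ihl, _, dport = parse_packet(pkt)
        if dport is None or dst != self.public_ip:
            return None
        target = self.table.get((proto, dport)) or self.redirects.get((proto, dport))
        if target is None:
            return None
        inside_ip, inside_port = target
        return rewrite(pkt, ihl, dst=inside_ip, dport=inside_port)


def summarize(pkt):
    if pkt is None:
        return None
    src, dst, proto, _, sport, dport = parse_packet(pkt)
    return (src, dst, proto, sport, dport)


def demo():
    """S1 = 10.0.0.2 behind N1 = 198.51.100.1; S2 = 203.0.113.9 (constructed)."""
    nat = PortNat("198.51.100.1")
    nat.add_redirect(IPPROTO_UDP, CDP_PORT, "10.0.0.2", CDP_PORT)
    return {
        "cdp_out": summarize(nat.outbound(build_packet(
            "10.0.0.2", "203.0.113.9", IPPROTO_UDP, b"cdp-query", CDP_PORT, CDP_PORT))),
        "skip_out": summarize(nat.outbound(build_packet(
            "10.0.0.2", "203.0.113.9", IPPROTO_SKIP, b"\x00" * 16))),
        "cdp_in": summarize(nat.inbound(build_packet(
            "203.0.113.9", "198.51.100.1", IPPROTO_UDP, b"cdp-reply", CDP_PORT, CDP_PORT))),
        "skip_in": summarize(nat.inbound(build_packet(
            "203.0.113.9", "198.51.100.1", IPPROTO_SKIP, b"\x00" * 16))),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result if result else "not translatable by a port-keyed NAT")
```

Running it shows the CDP query leaving with N1's address and an allocated port, the inbound CDP reply redirected to S1:1640, and both SKIP datagrams returned as untranslatable: a port-keyed NAT has no field in which to store the return mapping, which is exactly why the post proposes handing protocol 57 straight to S1 instead.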
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message