From: "Bjoern A. Zeeb"
To: Eugene Grosbein
cc: net@freebsd.org
Date: Mon, 18 Oct 2004 17:28:02 +0000 (UTC)
Subject: Re: asymmetric NAT
List-Id: Networking and TCP/IP with FreeBSD

On Mon, 18 Oct 2004, Eugene Grosbein wrote:

> Hi!
>
> Let's consider a simple scheme with two NAT boxes
> where packet flow is asymmetric:
>
> A----+
> | |
> S ---+ T
> | |
> B----+
...
> A has 2.2.2.2 for its outer interface, B has 3.3.3.3 for its.
> A and B both do "static NAT" for S, they translate
> 192.168.1.1 to 4.4.4.4 (and vice versa). One can try
...
> AFAIK, libalias and ipnat do not support this configuration currently.
> I'm trying to patch libalias to support this and have some progress
> but still cannot make work active mode FTP transfers when S is a client
> and T is a server.
>
> Should this schema work in theory at least?

the only thing I can think of is to have some kind of protocol between
A and B that
a) in almost realtime syncs states or
b) queries the other for a known state about the connection in
   question and updates its internal "tables".

both are problematic and normally addressed in HA software.

For your scenario a unidirectional syncing would be enough but if you
want to dtrt do it bidirectional because you might not be able to
guarantee 100% that all traffic leaves through A and responses always
come in via B.

just my 2cs

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
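
The two options from the reply above, as an added simulation that is not part of the thread and is not libalias code. It assumes the per-connection state in question is the TCP sequence offset that box A creates when it rewrites the address inside an FTP PORT command; NatBox, ack_survives, the port numbers and the sample command are hypothetical, and sequence wraparound is ignored.

```python
from dataclasses import dataclass, field

PRIVATE, PUBLIC = "192.168.1.1", "4.4.4.4"  # S's private and translated address (from the thread)

@dataclass
class NatBox:  # hypothetical model, not libalias code
    mode: str = "none"  # "none", "push" (option a) or "query" (option b)
    peer: object = None
    deltas: dict = field(default_factory=dict)  # flow -> bytes added to S's stream

    def outbound(self, flow, seq, payload):
        """S -> T: rewrite the address in an FTP PORT command and shift seq."""
        delta = self.deltas.get(flow, 0)
        rewritten = payload.replace(PRIVATE.replace(".", ","), PUBLIC.replace(".", ","))
        change = len(rewritten) - len(payload)
        if change:
            self.deltas[flow] = delta + change
            if self.mode == "push":  # (a) sync the state as soon as it changes
                self.peer.deltas[flow] = self.deltas[flow]
        return seq + delta, rewritten

    def inbound_ack(self, flow, ack):
        """T -> S: map T's ack number back into S's sequence space."""
        if self.mode == "query" and flow in self.peer.deltas:  # (b) ask the peer
            self.deltas[flow] = self.peer.deltas[flow]
        return ack - self.deltas.get(flow, 0)

def ack_survives(mode):
    """Send one PORT command out via A, return T's ACK via B."""
    a, b = NatBox(mode), NatBox(mode)
    a.peer, b.peer = b, a
    flow = (PUBLIC, 40000, "T", 21)  # constructed flow key; T's address is not given
    seq, cmd = 1000, "PORT 192,168,1,1,156,64\r\n"  # constructed segment
    wire_seq, wire = a.outbound(flow, seq, cmd)
    ack_from_t = wire_seq + len(wire)  # T acknowledges the bytes it received
    return b.inbound_ack(flow, ack_from_t) == seq + len(cmd)

if __name__ == "__main__":
    for mode in ("none", "push", "query"):
        print(mode, ack_survives(mode))
```

With no synchronisation B hands S an acknowledgement that is four bytes short of what S sent; either option lets B correct it.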