From owner-freebsd-net@FreeBSD.ORG  Tue Oct 19 03:33:35 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C584216A4CE
	for <net@freebsd.org>; Tue, 19 Oct 2004 03:33:35 +0000 (GMT)
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su
	[213.184.65.80])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CFFEE43D45
	for <net@freebsd.org>; Tue, 19 Oct 2004 03:33:33 +0000 (GMT)
	(envelope-from eugen@kuzbass.ru)
Received: from kuzbass.ru (kost [213.184.65.82])i9J3XVGk092564;
	Tue, 19 Oct 2004 11:33:31 +0800 (KRAST)
	(envelope-from eugen@kuzbass.ru)
Message-ID: <41748A86.B377F2BC@kuzbass.ru>
Date: Tue, 19 Oct 2004 11:31:18 +0800
From: Eugene Grosbein <eugen@kuzbass.ru>
Organization: SVZServ
X-Mailer: Mozilla 4.8 [en] (Win98; U)
X-Accept-Language: ru,en
MIME-Version: 1.0
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
References: <20041018140527.GA441@grosbein.pp.ru>
	<Pine.BSF.4.53.0410181721100.59402@e0-0.zab2.int.zabbadoz.net>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
cc: net@freebsd.org
Subject: Re: asymmetric NAT
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Oct 2004 03:33:35 -0000

"Bjoern A. Zeeb" wrote:

> > Let's consider a simple scheme with two NAT boxes
> > where packet flow is asymmetric:
> >
> >      A----+
> >      |    |
> > S ---+    T
> >      |    |
> >      B----+
> ...
> > A has 2.2.2.2 for its outer interface, B has 3.3.3.3 for its.
> > A and B both do "static NAT" for S, they translate
> > 192.168.1.1 to 4.4.4.4 (and vise versa). One can try
> ...
> > AFAIK, libalias and ipnat do not support this configuration currently.
> > I'm trying to patch libalias to support this and have some progress
> > but still cannot make work active mode FTP transfers when S is a client
> > and T is a server.
> >
> > Should this schema work in a theory at least?
> 
> the only thing I can think of is to have some kind of protocoll
> beteween A and B that
> 
> a) in almost realtime syncs states
> or
> b) queries the other for a known state about the connection in
>    question and updates it's internal "tables".
> 
> both are problematic and normally addressed in HA software.
> 
> For you scenario an unidirectional syncing would be enough but
> if you want to dtrt do it bidirectional because you might not be able
> to garantee 100% that all traffic leaves through A and responses
> always come in via B.

You are right, packet flow can change.
But why may I need to sync states of NAT boxes in case of static NAT?

Eugene