I've been running SKIP and NATD on the same machine successfully for about five days now.
Although they are running on the same machine, they are running on DIFFERENT network cards.
I use SKIP to tunnel between two LANs and NATD to communicate to the internet in the clear.
I'm running FreeBSD 2.2.5 with no special ipfw rules besides the divert to the natd port.
So far things are running just fine. Performance is good.
Michael
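The arrangement Michael describes, as an added example that is not from either message in this thread: a dry run that prints the two ipfw layouts under discussion (the unscoped divert from the quoted report, and a divert bound to the internet-side card only) and a review check that flags any divert rule SKIP traffic could reach. Interface names ed0 (SKIP side) and ed1 (internet side) are placeholders; rules are printed, never loaded.

```shell
#!/bin/sh
# Added example, not from the thread. ed0/ed1 are assumed placeholder
# interface names. Nothing here invokes ipfw; rule lines are only printed.

# Layout from the quoted report: the divert has no interface match, so
# every packet, SKIP's included, is handed to natd and re-injected.
rules_divert_everywhere() {
    printf '%s\n' \
        'add 100 divert natd all from any to any' \
        'add 200 pass all from any to any'
}

# Layout that keeps SKIP and natd apart: divert only packets that enter
# or leave the internet interface ($1); the SKIP card never sees natd.
rules_divert_scoped() {
    printf '%s\n' \
        "add 100 divert natd all from any to any via $1" \
        'add 200 pass all from any to any'
}

# Review check over a ruleset on stdin: returns 0 only if every divert
# rule is bound with "via <internet-if>" and none names the SKIP card.
check_divert_scoped() {
    skip_if=$1
    inet_if=$2
    while read -r line; do
        case "$line" in
            *divert*)
                case "$line" in
                    *"via $skip_if"*) return 1 ;;   # SKIP traffic diverted
                    *"via $inet_if"*) ;;            # correctly scoped
                    *) return 1 ;;                  # unscoped divert
                esac ;;
        esac
    done
    return 0
}

# Dry-run usage: show both layouts and the verdict for each.
for gen in rules_divert_everywhere "rules_divert_scoped ed1"; do
    echo "== $gen =="
    $gen
    if $gen | check_divert_scoped ed0 ed1; then echo "ok for SKIP"; else echo "would break SKIP"; fi
done
```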
-----Original Message-----
From: Eric J. Schwertfeger [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 27, 1998 6:17 AM
To: [EMAIL PROTECTED]
Subject: Re: SKIP and natd on FreeBSD 2.2-current
On Thu, 24 Sep 1998, Eric J. Schwertfeger wrote:
> I've got two FreeBSD machines, one 2.2.7-RELEASE and one 2.2.7-19980828-SNAP. The latter machine is a firewall with natd running on it. Without configuring natd, we can establish encrypted communications to our hearts' content.
>
> However, as soon as we insert the ipfw divert rule for natd, things go south fast. Basically, we've tried various configurations, and we can get one or the other to work, but not both. Even a two-rule rc.firewall consisting of just the divert rule and a pass all rule kills SKIP if the divert comes first.
I've narrowed the problem down. Basically, because natd is reinserting the unencrypted packet into the device (queue?), skip can't tell that it's a packet that it has already decrypted, so rejects the packet because it thinks that the given packet was never encrypted, and is coming from a host that requires encryption.

Also, is anyone seeing this? I didn't get any replies, and haven't seen any other traffic on this list since subscribing.