In order to have a choice of routing my discontinuous local network
(network 1) segment over the Internet to its parent (network 2) I want to
use SKIP behind NAT to set up a tunnel. That way the local and parent
networks can communicate through the tunnel (slow speed) but hosts on the
local network can access the Internet-at-large using NAT (high speed cable
modem). The choice is made by simply changing the gateway of the
workstation or by addressing network segments with static routes on
network 1.
Unfortunately, tunneling with SKIP from network to network using single
interface skiphosts behind natd does not appear to be possible with the
FreeBSD 2.2.7 port of natd. The problem is that a route must exist on
network 2 to forward packets for network 1 to S2 for SKIP processing and
there must be a route to direct the return packets from S2 to N1 (S1 is
unreachable from network 2) via the Internet. Unfortunately due to NAT, N1
is also the source address for all of the natded packets coming from
network 1 so a loop would result on network 2.

H1----+----N1----R1---------[Internet]------------R2----+----H2
S1----+                                                 +----S2 (single homed)
      |                                                 |
  network 1                                         network 2

One solution would be to patch natd.c (and associated program calls) to
allow SKIP (protocol 57) in addition to TCP, UDP and ICMP and then pass all
SKIP packets on to the S1 host for processing. CDP is simpler, as it is
1640/UDP packets and natd/divert will handle it, as is.
This seems like a lot of effort and I don't like to use programs with local
patches but the result is desirable. Have I missed an elegant (or clever
ordinary) way to achieve this capability?
Glad to hear your ideas.
Thanks.
Jim Flowers <[EMAIL PROTECTED]>
