Universal Client Gateway
Jacob S. Barrett
jbarrett at amduat.net
Sun Nov 14 16:23:40 PST 2004
On Sunday 14 November 2004 02:14 pm, Julian Elischer <julian at elischer.org>
wrote:
> sounds like you just want to run natd.
I do for all the traffic exiting the WAN interface. I am doing that and I can
pass traffic from the host through the universal proxy to the destination.
The traffic coming back from the destination enters WAN interface and natd
and is translated back to the host interface but gets routed back out the WAN
(default route) since the host is not local. I need to be able to spoof the
routing table into forwarding the packet back out the LAN interface.
Maybe the example below will help.
Host A:
(static roaming client)
IP: 192.168.0.3/24
Gateway: 192.168.0.1
DNS: 192.168.0.1,192.168.0.2
Host B:
(dhcp client)
IP: 10.0.0.3/24
Gateway: 10.0.0.1/24
DNS: 10.0.0.1, 10.0.0.2
Gateway:
Gateway: 1.2.3.4
DNS: 1.2.3.4, 1.2.3.5
LAN:
IP: 10.0.0.1/24 arpd
WAN:
IP: 1.2.3.6/24 natd
Remote C:
IP 4.5.6.7
So above we see that Host B will communicate normally. All traffic for host B
will travel in Gateway LAN and out natd on the WAN. All returning traffic
for Host B will come in the WAN natd and out LAN on Gateway. All normal
stuff.
Now if we look at host A. To send to Remote C it must forward through the
gateway at 192.168.0.1, which obviously doesn't exist. A ARPs for
192.168.0.1. Gateway replies to the ARP with its MAC address (proxy arp with
arpd). A forwards the packet to Gateway thinking it is 192.168.0.1. As
expected the packet enters LAN (192.168.0.3->4.5.6.7) passes through natd
(1.2.3.6->4.5.6.7) and exits WAN. The response from C comes back in WAN
(4.5.6.7->1.2.3.6) through natd (4.5.6.7->192.168.0.3) like normal. Now we
have a problem. Gateway needs to forward the packet to 192.168.0.3 (Host A).
It doesn't have an interface that is on the subnet so it forwards to the
default gateway again. It goes back out through natd and WAN.
What I need to do is figure out how to trick the routing table into thinking
it can just forward the packet to the LAN interface for local delivery.
--
Jacob S. Barrett
jbarrett at amduat.net
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."
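As an added illustration (not code from the post, from FreeBSD, or from natd), the script below models the gateway's route lookup for the return packet described above: after natd rewrites the destination back to 192.168.0.3, longest-prefix match on a table that only holds the two connected subnets plus the default route sends the packet out the WAN again. Adding a /32 host route for 192.168.0.3 bound to the LAN interface makes the same lookup pick the LAN. The interface names `lan0` and `wan0`, the route table contents and the sample addresses are constructed from the post; the `route add -host ... -iface` command it prints is the FreeBSD route(8) form I would expect to use, stated here as an assumption rather than a tested answer.

```python
import ipaddress

# Constructed model of the gateway's routing table from the post:
# LAN 10.0.0.0/24 connected, WAN 1.2.3.0/24 connected, default via 1.2.3.4.
# Each entry is (destination network, next hop or None if directly connected, interface).
def build_table(extra_routes=()):
    table = [
        (ipaddress.ip_network("10.0.0.0/24"), None, "lan0"),
        (ipaddress.ip_network("1.2.3.0/24"), None, "wan0"),
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("1.2.3.4"), "wan0"),
    ]
    for dst, nexthop, ifname in extra_routes:
        table.append((
            ipaddress.ip_network(dst),
            ipaddress.ip_address(nexthop) if nexthop else None,
            ifname,
        ))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, nexthop, ifname in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop, ifname)
    return best


def trace_reply(table, translated_dst="192.168.0.3"):
    """Where does the gateway send the de-NATed reply (4.5.6.7 -> translated_dst)?"""
    net, nexthop, ifname = lookup(table, translated_dst)
    return {
        "egress": ifname,
        "nexthop": "direct" if nexthop is None else str(nexthop),
        "matched": str(net),
    }


def host_route_command(host, ifname):
    """FreeBSD route(8) form for a host route bound to an interface (assumed syntax)."""
    return f"route add -host {host} -iface {ifname}"


if __name__ == "__main__":
    # Without a more specific route the reply falls through to the default and
    # leaves via the WAN, exactly the loop the post describes.
    print("before:", trace_reply(build_table()))
    # With a /32 pointed at the LAN interface the reply is delivered locally; the
    # gateway then ARPs for 192.168.0.3 on the LAN, which Host A answers itself.
    fixed = build_table([("192.168.0.3/32", None, "lan0")])
    print("after: ", trace_reply(fixed))
    print(host_route_command("192.168.0.3", "lan0"))
```

One caveat worth keeping in mind with this arrangement: the gateway is already answering ARP for addresses that are not on its own subnet, and a host route tied to the LAN interface means it will also trust whichever LAN station answers ARP for 192.168.0.3. On a LAN with untrusted hosts, a static ARP entry for the roaming client, or a per-client /32 added and removed as clients appear, is safer than a wide proxy-ARP range.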