asymmetric NAT

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Mon Oct 18 10:30:09 PDT 2004


On Mon, 18 Oct 2004, Eugene Grosbein wrote:

> Hi!
>
> Let's consider a simple scheme with two NAT boxes
> where packet flow is asymmetric:
>
>      A----+
>      |    |
> S ---+    T
>      |    |
>      B----+
...
> A has 2.2.2.2 for its outer interface, B has 3.3.3.3 for its.
> A and B both do "static NAT" for S, they translate
> 192.168.1.1 to 4.4.4.4 (and vice versa). One can try
...
> AFAIK, libalias and ipnat do not support this configuration currently.
> I'm trying to patch libalias to support this and have some progress
> but still cannot make active mode FTP transfers work when S is a client
> and T is a server.
>
> Should this schema work in theory at least?

the only thing I can think of is to have some kind of protocol
between A and B that

a) in almost realtime syncs states
or
b) queries the other for a known state about the connection in
   question and updates its internal "tables".

both are problematic and normally addressed in HA software.

For your scenario a unidirectional syncing would be enough but
if you want to dtrt do it bidirectional because you might not be able
to guarantee 100% that all traffic leaves through A and responses
always come in via B.


just my 2cs

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
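
The state-sync argument in the reply above, as an added example (not part of the original message, and not libalias or ipnat code): a simplified Python model that assumes each NAT box forwards return traffic only for flows in its own state table. `NatBox`, `simulate`, the port numbers and the address 198.51.100.7 for T are hypothetical names and constructed values.

```python
from dataclasses import dataclass, field

INSIDE, PUBLIC = "192.168.1.1", "4.4.4.4"  # static mapping from the thread
T = "198.51.100.7"                          # constructed address for server T

@dataclass
class NatBox:
    name: str
    states: set = field(default_factory=set)    # flows this box knows about
    peers: list = field(default_factory=list)   # boxes we push new state to

    def outbound(self, sport, dst, dport):
        """S -> T: rewrite the source address, record the flow, sync peers."""
        flow = (PUBLIC, sport, dst, dport)
        self.states.add(flow)
        for peer in self.peers:
            peer.states.add(flow)
        return flow

    def inbound(self, src, sport, dst, dport):
        """T -> S: forward only if the flow is known (model assumption)."""
        if (dst, dport, src, sport) not in self.states:
            return None                          # no state: packet is dropped
        return (src, sport, INSIDE, dport)      # destination rewritten to S

def simulate(sync):
    """sync is 'none', 'a_to_b' (unidirectional) or 'both' (bidirectional)."""
    a, b = NatBox("A"), NatBox("B")
    if sync in ("a_to_b", "both"):
        a.peers.append(b)
    if sync == "both":
        b.peers.append(a)
    results = {}
    paths = (("out A / in B", a, b, 40000), ("out B / in A", b, a, 40001))
    for label, out_box, in_box, sport in paths:
        pub, psport, dst, dport = out_box.outbound(sport, T, 21)
        reply = in_box.inbound(dst, dport, pub, psport)
        results[label] = reply is not None
    return results

if __name__ == "__main__":
    for mode in ("none", "a_to_b", "both"):
        print(mode, simulate(mode))
```

Only the bidirectional mode passes both paths; unidirectional sync from A to B covers the stated scenario but fails as soon as a flow leaves through B and returns via A.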

