-----Original Message-----
From: Archie Cobbs [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 25, 1998 10:01 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Source address hiding
Austin, Michael H POJ writes:
> With that cleared up I'd like to ask a question about using SKIP
> with FreeBSD NAT. I've read postings about SKIP and NAT but have
> yet to find one that answers my question:
>
> Can SKIP and NATD work together to provide internet access to
> private LANs/WANs?
I doubt NATD can translate SKIP packets. However, your setup doesn't make sense to me...
> Private LAN <--> FreeBSD SKIP <--> Router <--> Company WAN <-->
> Router <--> FreeBSD SKIP <--> Internet
What two networks are you trying to tunnel between? Or, who is the bad guy you're trying to encrypt packets from so they can't read them?

The networks behind tunnel SKIP routers are connected, and the rest of the Internet is connected, but if you want the two to be connected and your SKIP networks use private IP addresses, you need a third router (or at least a different route) doing the address translation, so NATD and SKIP would be invisible to each other.
I'm sorry, you are correct. I've left out a third router. The diagram above should read:

Private LAN <--> FreeBSD SKIP <--> Router <--> Company WAN <-->
Router <--> FreeBSD SKIP <--> LAN (with "real" IP addresses) <--> Router <--> Internet

Frankly, it's even more complicated than that. The "Company WAN" is actually two company WANs with a gateway between the two. Anyway, I think you made a point below that addresses my concern. I DO intend to run SKIP and NATD on the same FreeBSD box BUT on different interfaces. I'll try it.
Thanks
Michael
For example:

192.168.1.0/24 <-> SKIP <-> any IP network <-> SKIP <-> 192.168.2.0/24

Then, independently, you can add a route from the private nets to the real Internet using natd:

192.168.1.0/24 <-> SKIP <-> any IP network <-> SKIP <-> 192.168.2.0/24
      ^
      | default route using natd
      v
   Internet

The problem is if you're running SKIP and natd on the same machine, it can get confusing. If you can run them on separate interfaces it should work.
-Archie
___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
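The arrangement Archie sketches (tunnel traffic between the two private nets left alone, everything else leaving for the Internet via natd) comes down to ipfw rule order on the FreeBSD box. The script below is an added example written for this thread, not configuration from Archie, Michael or the SKIP/natd projects. It assumes two interfaces, an inside one on 192.168.1.0/24 (default `fxp0`) and one carrying the default route to the Internet (default `fxp1`) to which natd is bound; the interface names, rule numbers and the use of IP protocol 57 (the IANA number assigned to SKIP) are the example's own choices. The private subnets are the ones from Archie's diagram.

```sh
#!/bin/sh
# Added example for the SKIP + natd thread (not code from the original mail).
# Builds an ipfw ruleset and an rc.conf fragment for a FreeBSD gateway that
# both terminates a SKIP tunnel and runs natd, keeping natd on one interface
# so the two never see each other's packets.
#
# Assumed (hypothetical) interface names; override via the environment.
INT_IF="${INT_IF:-fxp0}"      # inside interface on the private LAN
EXT_IF="${EXT_IF:-fxp1}"      # interface with the default route; natd binds here
LOCAL_NET="192.168.1.0/24"    # private net behind this gateway (from the thread)
TUNNEL_NETS="192.168.2.0/24"  # private net behind the far SKIP gateway (from the thread)
SKIP_PROTO=57                 # IP protocol number IANA assigns to SKIP

# Emit the ruleset in evaluation order. Order is the whole point: packets
# between the two private nets, and the SKIP-encapsulated packets themselves,
# are accepted before the divert rule, so natd never rewrites them. Only the
# remaining traffic crossing EXT_IF (the default route) is handed to natd.
build_ruleset() {
    cat <<EOF
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 allow ip from ${LOCAL_NET} to ${TUNNEL_NETS}
ipfw add 210 allow ip from ${TUNNEL_NETS} to ${LOCAL_NET}
ipfw add 220 allow ${SKIP_PROTO} from any to any
ipfw add 300 divert natd ip from any to any via ${EXT_IF}
ipfw add 400 allow ip from any to any
EOF
}

# rc.conf settings that start ipfw and bind natd to EXT_IF only
# (equivalent to running "natd -n ${EXT_IF}" by hand).
build_rcconf() {
    cat <<EOF
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="${EXT_IF}"
EOF
}

# Sanity check: every rule mentioning the tunnel net must precede the divert
# rule, otherwise natd would translate tunnel-bound traffic. Returns 0 if the
# order is right, 1 if not.
check_order() {
    divert_no=$(build_ruleset | awk '/divert natd/ {print $3; exit}')
    last_bypass=$(build_ruleset | awk -v net="$TUNNEL_NETS" \
        'index($0, net) {n=$3} END {print n}')
    [ -n "$divert_no" ] && [ -n "$last_bypass" ] && [ "$divert_no" -gt "$last_bypass" ]
}

# Apply the ruleset only on a host that actually has ipfw; elsewhere just
# print it so the ordering can be reviewed.
apply_ruleset() {
    if ! command -v ipfw >/dev/null 2>&1; then
        echo "ipfw not found; printing ruleset instead of applying it" >&2
        build_ruleset
        return 0
    fi
    build_ruleset | sh -e
}

if [ "$1" = "apply" ]; then
    apply_ruleset
else
    build_ruleset
    echo "# rc.conf:"
    build_rcconf
fi
```

Run it without arguments to review the generated rules and rc.conf lines; `./skip-natd.sh apply` loads them where ipfw is present. The check_order function is there because the failure mode is silent: with the divert rule placed first, traffic for 192.168.2.0/24 gets its source rewritten to the EXT_IF address before it ever reaches the SKIP peer, and the tunnel appears to work one way only.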