From: "Jacob S. Barrett" <jbarrett@amduat.net>
To: freebsd-net@freebsd.org
Date: Sun, 14 Nov 2004 16:23:08 -0800
Subject: Re: Universal Client Gateway
In-Reply-To: <4197D8C5.5050601@elischer.org>
References: <200411141311.49502.jbarrett@amduat.net> <4197D8C5.5050601@elischer.org>
Message-Id: <200411141623.10060.jbarrett@amduat.net>
List-Id: Networking and TCP/IP with FreeBSD

On Sunday 14 November 2004 02:14 pm, Julian Elischer wrote:
> sounds like you just want to run natd.

I do for all the traffic exiting the WAN interface. I am doing that and I can pass traffic from the host through the universal proxy to the destination. The traffic coming back from the destination enters the WAN interface and natd and is translated back to the host interface, but gets routed back out the WAN (default route) since the host is not local. I need to be able to spoof the routing table into forwarding the packet back out the LAN interface. Maybe the example below will help.
Host A: (static roaming client)
  IP: 192.168.0.3/24
  Gateway: 192.168.0.1
  DNS: 192.168.0.1, 192.168.0.2

Host B: (dhcp client)
  IP: 10.0.0.3/24
  Gateway: 10.0.0.1/24
  DNS: 10.0.0.1, 10.0.0.2

Gateway:
  Gateway: 1.2.3.4
  DNS: 1.2.3.4, 1.2.3.5
  LAN: IP: 10.0.0.1/24, arpd
  WAN: IP: 1.2.3.6/24, natd

Remote C:
  IP: 4.5.6.7

So above we see that Host B will communicate normally. All traffic for Host B will travel in Gateway's LAN and out natd on the WAN. All returning traffic for Host B will come in the WAN through natd and out the LAN on Gateway. All normal stuff.

Now if we look at Host A. To send to Remote C it must forward through the gateway at 192.168.0.1, which obviously doesn't exist. A ARPs for 192.168.0.1. Gateway replies to the ARP with its MAC address (proxy ARP with arpd). A forwards the packet to Gateway thinking it is 192.168.0.1. As expected the packet enters LAN (192.168.0.3->4.5.6.7), passes through natd (1.2.3.6->4.5.6.7) and exits WAN. The response from C comes back in WAN (4.5.6.7->1.2.3.6) through natd (4.5.6.7->192.168.0.3) like normal.

Now we have a problem. Gateway needs to forward the packet to 192.168.0.3 (Host A). It doesn't have an interface that is on that subnet, so it forwards to the default gateway again. It goes back out through natd and WAN. What I need to do is figure out how to trick the routing table into thinking it can just forward the packet to the LAN interface for local delivery.

-- 
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."
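The forwarding decision the message describes, as an added example that is not part of the original post or of any FreeBSD code: a small longest-prefix-match routing table built from the Gateway box above (LAN 10.0.0.0/24, WAN 1.2.3.0/24, default via 1.2.3.4). It shows why the de-NATed reply to 192.168.0.3 falls through to the default route and out the WAN, and how adding an interface route for 192.168.0.0/24 on the LAN side (no next hop) makes the same lookup pick the LAN interface instead. The interface names "lan" and "wan" and the route fix itself are my assumptions; on FreeBSD an interface route of that kind is expressed with route(8) as `route add -net 192.168.0.0/24 -iface <lan_if>`, which is my suggestion rather than something the thread states.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    gateway: Optional[str] = None  # None: destination is reachable directly on iface (interface route)


class RoutingTable:
    """Minimal longest-prefix-match forwarding table (constructed for illustration)."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, iface: str, gateway: Optional[str] = None) -> None:
        self.routes.append(Route(ipaddress.ip_network(prefix), iface, gateway))

    def lookup(self, dst: str) -> Route:
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if addr in r.prefix]
        if not candidates:
            raise LookupError(f"no route to {dst}")
        # The most specific prefix wins; the 0.0.0.0/0 default only matches as a last resort.
        return max(candidates, key=lambda r: r.prefix.prefixlen)


def gateway_table() -> RoutingTable:
    """The Gateway box from the mail: LAN 10.0.0.1/24, WAN 1.2.3.6/24, default via 1.2.3.4."""
    t = RoutingTable()
    t.add("10.0.0.0/24", "lan")               # directly connected LAN
    t.add("1.2.3.0/24", "wan")                # directly connected WAN
    t.add("0.0.0.0/0", "wan", gateway="1.2.3.4")  # default route
    return t


def next_hop(table: RoutingTable, dst: str) -> Tuple[str, Optional[str]]:
    """Return (outgoing interface, next-hop gateway or None for direct delivery)."""
    r = table.lookup(dst)
    return r.iface, r.gateway


def reply_path_before_fix() -> Tuple[str, Optional[str]]:
    # natd has already rewritten 4.5.6.7->1.2.3.6 into 4.5.6.7->192.168.0.3.
    # Nothing on the Gateway covers 192.168.0.0/24, so the default route wins
    # and the reply goes back out the WAN toward 1.2.3.4 (the loop in the mail).
    return next_hop(gateway_table(), "192.168.0.3")


def reply_path_after_fix() -> Tuple[str, Optional[str]]:
    # Assumed fix: an interface route that says "192.168.0.0/24 lives on the LAN,
    # deliver directly" (no next hop).  The /24 is longer than /0, so it wins.
    t = gateway_table()
    t.add("192.168.0.0/24", "lan")
    return next_hop(t, "192.168.0.3")


if __name__ == "__main__":
    print("Host B reply:", next_hop(gateway_table(), "10.0.0.3"))     # ('lan', None)
    print("Host A reply, before:", reply_path_before_fix())           # ('wan', '1.2.3.4')
    print("Host A reply, after:", reply_path_after_fix())             # ('lan', None)
```

With the interface route in place the Gateway treats 192.168.0.3 as on-link: instead of handing the packet to 1.2.3.4 it ARPs for 192.168.0.3 on the LAN, and Host A answers for its own address, which is exactly the local delivery the message says is missing. A /32 host route for 192.168.0.3 alone would behave the same way for that one client; the /24 covers any roaming client in that subnet.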