From owner-freebsd-net@FreeBSD.ORG  Mon Oct 18 14:05:35 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B3E4416A4CF
	for <net@freebsd.org>; Mon, 18 Oct 2004 14:05:35 +0000 (GMT)
Received: from grosbein.pp.ru (grgw.svzserv.kemerovo.su [213.184.64.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D7B9943D31
	for <net@freebsd.org>; Mon, 18 Oct 2004 14:05:32 +0000 (GMT)
	(envelope-from eugen@grosbein.pp.ru)
Received: from grosbein.pp.ru (eugen@localhost [127.0.0.1])
	by grosbein.pp.ru (8.12.11/8.12.11) with ESMTP id i9IE5Spg000539
	for <net@freebsd.org>; Mon, 18 Oct 2004 22:05:28 +0800 (KRAST)
	(envelope-from eugen@grosbein.pp.ru)
Received: (from eugen@localhost)
	by grosbein.pp.ru (8.12.11/8.12.11/Submit) id i9IE5RdQ000538
	for net@freebsd.org; Mon, 18 Oct 2004 22:05:27 +0800 (KRAST)
	(envelope-from eugen)
Date: Mon, 18 Oct 2004 22:05:27 +0800
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: net@freebsd.org
Message-ID: <20041018140527.GA441@grosbein.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Subject: asymmetric NAT
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2004 14:05:35 -0000

Hi!

Let's consider a simple scheme with two NAT boxes
where packet flow is asymmetric:

     A----+
     |    |
S ---+    T
     |    |
     B----+

Here S is a host in the local network and its IP is 192.168.1.1,
A and B are both border routers and both do NAT, T is a target server
in a public Internet having IP address 1.1.1.1. All links drawn
above are WAN and multihop links. Outgoing traffic from S to T
flows through A, incoming traffic flows through B.

A has 2.2.2.2 for its outer interface, B has 3.3.3.3 for its.
A and B both do "static NAT" for S, they translate
192.168.1.1 to 4.4.4.4 (and vise versa). One can try

redirect_address 192.168.1.1 4.4.4.4

for natd(8) configuration (and corresponding ipfw rules) to achieve this.

AFAIK, libalias and ipnat do not support this configuration currently.
I'm trying to patch libalias to support this and have some progress
but still cannot make work active mode FTP transfers when S is a client
and T is a server.

Should this schema work in a theory at least?

Eugene Grosbein