[JDEV] NAT Issues

Bernd Eckenfels lists at lina.inka.de
Sun Dec 17 17:38:02 CST 2000


On Sun, Dec 17, 2000 at 05:18:22PM -0600, Charles Forsythe wrote:
> You're right, it *can*, but it isn't required.

It is required for dynamic NAT where you have more hosts behind one IP
address.

> whitepaper carefully, you'll notice that the author tested the UDP hack
> using Linux IP Masquerading.

Yes I did. The problem is still that Linux will change the source port of
those UDP packets and wait for answers exactly on that port. So if you have
Linux Masquerading on both sides it won't work. Well... anyway... I think we
both agree, and I have written before: we need to add server-based
client-to-client file transfer.

> Dynamic port translation doesn't break TCP services but it does break
> some UDP services.  Even without NAT, TCP is already designed to
> negotiate connections in which a dynamic port number is assigned.

Well, you can also use UDP to answer an incoming UDP packet by using its
sender address and port, and it will be received and translated by dynamic
NAT gateways. That's how DNS works. The only problem with this is that it
does work for clients which send requests and receive responses, but it
does not work for servers, because unless you defined a port forwarding,
incoming UDP packets which don't belong to a request will simply be
dropped.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels at Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes at irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
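
Added example, not part of the original message: a toy Python model of the dynamic NAT behaviour described in the reply above (source port rewritten on the way out, answers accepted on that port, unsolicited UDP dropped unless a port forwarding exists). The class name MasqGateway and all addresses and ports are constructed; the model assumes the gateway only accepts answers from the remote host the request was sent to.

```python
# Toy model of a dynamic (port-translating) NAT gateway for UDP.
# Illustration only; all addresses and port numbers are constructed samples.

class MasqGateway:
    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}    # (inside addr, remote addr) -> public port
        self.in_map = {}     # (public port, remote addr) -> inside addr
        self.forwards = {}   # public port -> inside addr (static forwarding)

    def add_forward(self, public_port, inside_ip, inside_port):
        self.forwards[public_port] = (inside_ip, inside_port)

    def outbound(self, src, dst):
        """Translate an inside->outside packet; return the source the remote sees."""
        key = (src, dst)
        if key not in self.out_map:
            port = self.next_port          # gateway picks a new source port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst)] = src
        return (self.public_ip, self.out_map[key])

    def inbound(self, src, dst_port):
        """Return the inside (ip, port) for an outside packet, or None if dropped."""
        if (dst_port, src) in self.in_map:     # answer to an earlier request
            return self.in_map[(dst_port, src)]
        return self.forwards.get(dst_port)     # otherwise only a static forward

def demo():
    gw = MasqGateway("203.0.113.1")
    client = ("192.168.1.10", 5000)
    server = ("198.51.100.53", 53)
    stranger = ("198.51.100.99", 4000)
    seen = gw.outbound(client, server)      # server sees the rewritten source
    reply = gw.inbound(server, seen[1])     # answer sent to the observed port
    unsolicited = gw.inbound(stranger, 5000)  # no request preceded this packet
    gw.add_forward(5000, *client)           # operator defines a port forwarding
    forwarded = gw.inbound(stranger, 5000)
    return seen, reply, unsolicited, forwarded

if __name__ == "__main__":
    print(demo())
```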



