
Subject: Re: options config...
From: Amith Varghese <amith,AT,xalan,DOT,com>
Date: Thu, 13 Feb 2003 16:32:12 +0100
In-reply-to: <7DB0958915FDD611961400A0C98F18460BCE76@WINTRIX.thermeon.com>

> What you're seeing is the normal behavior of NAT. When a UDP packet
> is directed through a NAT its source address is modified to that of the NAT
> system and it is sent along its way; when a response returns the NAT system
> must consult its UDP list and remember where the response should be
> directed. The NAT table is only short-lived. I believe that Windows ICS
> only has a 60 second time-out. On my systems I keep a 30 second ping
> going from behind a NAT firewall to an external system with a static
> address.

Linux A--------NAT/Firewall---| Internet |-----------Linux B

I understand what you are saying, but what I don't understand is that there is a
static IP address mapped to Linux A. It's not like Linux A is a private machine
behind a firewall and there is no way to communicate with it unless Linux A
talks first. If a day goes by and I send a packet to 4.5.6.7, that will be
rewritten by the NAT box and sent onward to Linux A. So I don't understand how
the NAT box is dropping the UDP packet coming from Linux B. The rule on the
firewall supposedly says that all packets coming in on 4.5.6.7 for UDP on port
xxxx should be sent to Linux A. So I think my case is different.

I know I'm dealing with a broken firewall/NAT box for the most part but I would
like to get enough information so that I can tell my ISP that basically their
NAT box sucks and for them to put my machine directly connected with the
Internet. I already have iptables running on the machine and I'm sure that I
would be fine. I just need enough info to present to them.

If anyone has any further thoughts on why this might be occurring please let me
know.

Thanks
Amith
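To make the distinction in this exchange concrete, here is a small model, added as an example and not part of the thread, of a NAT box that keeps dynamic UDP mappings with the 60 second timeout the reply mentions and, optionally, a static port forward of the kind Amith describes. The address 4.5.6.7 is from the mail; 10.0.0.2 (Linux A), 198.51.100.9 (Linux B) and port 5000 (standing in for "xxxx") are constructed values.

```python
from dataclasses import dataclass, field

UDP_TIMEOUT = 60  # seconds; the reply quotes a 60 second UDP time-out for Windows ICS


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Nat:
    """Minimal NAT/firewall: dynamic UDP mappings plus optional static forwards."""
    public_ip: str
    forwards: dict = field(default_factory=dict)  # public port -> inside host (static rule)
    table: dict = field(default_factory=dict)     # public port -> (inside ip, port, last_seen)

    def outbound(self, pkt: Packet, now: int) -> Packet:
        # Rewrite the source to the NAT's public address and remember the mapping.
        self.table[pkt.sport] = (pkt.src, pkt.sport, now)
        return Packet(self.public_ip, pkt.sport, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet, now: int):
        # Expire dynamic entries that have been idle longer than the timeout.
        for port, (_, _, seen) in list(self.table.items()):
            if now - seen > UDP_TIMEOUT:
                del self.table[port]
        if pkt.dport in self.table:          # reply to a recent outbound packet
            ip, port, _ = self.table[pkt.dport]
            self.table[pkt.dport] = (ip, port, now)
            return Packet(pkt.src, pkt.sport, ip, port)
        if pkt.dport in self.forwards:       # static rule: always forward inside
            return Packet(pkt.src, pkt.sport, self.forwards[pkt.dport], pkt.dport)
        return None                          # no mapping, no rule: dropped


def scenario(static_forward: bool):
    """Return (reply_after_30s_delivered, unsolicited_packet_a_day_later_delivered)."""
    nat = Nat("4.5.6.7", forwards={5000: "10.0.0.2"} if static_forward else {})
    nat.outbound(Packet("10.0.0.2", 5000, "198.51.100.9", 5000), now=0)   # Linux A talks first
    r1 = nat.inbound(Packet("198.51.100.9", 5000, "4.5.6.7", 5000), now=30)
    r2 = nat.inbound(Packet("198.51.100.9", 5000, "4.5.6.7", 5000), now=86400)
    return r1 is not None, r2 is not None


if __name__ == "__main__":
    print("dynamic mapping only:", scenario(False))   # (True, False)
    print("with static forward: ", scenario(True))    # (True, True)
```

With only dynamic mappings the unsolicited packet from Linux B is dropped once the entry has expired, which is the behaviour the reply describes; with the static forward in place it is delivered regardless of timing, which is what Amith expects from his ISP's rule.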