RE: options config...
Thu, 13 Feb 2003 17:01:30 +0100
> Linux A--------NAT/Firewall---| Internet |-----------Linux B
> I understand what you are saying, but what I don't understand is that there is a
> static IP address mapped to Linux A. It's not like Linux A is a private
> behind a firewall and there is no way to communicate with it unless Linux
> talks first. If a day goes by and I send a packet to 220.127.116.11, that will be
> rewritten by the NAT box and sent onward to Linux A. So I don't understand how
> the NAT box is dropping the UDP packet coming from Linux B. The rule on
> firewall supposedly says that all packets coming in on 18.104.22.168 for UDP on
> xxxx should be sent to Linux A. So I think my case is different.
>
> I know I'm dealing with a broken firewall/NAT box for the most part but I
> like to get enough information so that I can tell my ISP that basically
> NAT box sucks and for them to put my machine directly connected with the
> Internet. I already have iptables running on the machine and I'm sure that I
> would be fine. I just need enough info to present to them.
>
> If anyone has any further thoughts on why this might be occurring please
> let me
I would make it clear to your ISP that you are running a UDP "server" and
you expect incoming UDP packets that are not related to any outbound packet.
I think they crafted the firewall rules as if you are running a UDP "client"
program -- it automatically adds the outbound destination IP address to
the list of allowable inbound IP addresses, with a timer.
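The difference between the two firewall policies described in this reply, as an added toy model that is not part of the thread and not the ISP's actual configuration. The "client-style" policy records each outbound destination with a timer and admits inbound UDP only from a peer on that list; the "server-style" policy is a static forward of the published port. The addresses, the port, and the 180 s timeout are placeholders chosen for the model.

```python
"""Toy model of stateful ("UDP client") vs. static-forward ("UDP server")
NAT policies for inbound UDP.  Constructed example; all values are placeholders."""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"   # placeholder for the static address mapped to Linux A
PEER_IP = "198.51.100.20"    # placeholder for Linux B
UDP_PORT = 5000              # placeholder for the "xxxx" port in the thread


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int


class ClientStyleNat:
    """Stateful policy: an inbound UDP packet is admitted only if the host
    recently sent a packet to the same peer; the entry expires on a timer."""

    def __init__(self, timeout_s: float):
        self.timeout_s = timeout_s
        self._expiry = {}  # peer IP -> time after which the entry is stale

    def outbound(self, pkt: Packet, now: float) -> None:
        # Remember the destination and (re)arm its timer.
        self._expiry[pkt.dst_ip] = now + self.timeout_s

    def inbound(self, pkt: Packet, now: float) -> bool:
        expiry = self._expiry.get(pkt.src_ip)
        if expiry is None or now > expiry:
            self._expiry.pop(pkt.src_ip, None)  # stale entries are discarded
            return False
        return True


class ServerStyleNat:
    """Static port-forward: any inbound UDP packet to the published port on
    the public address is admitted, regardless of prior outbound traffic."""

    def __init__(self, public_ip: str, port: int):
        self.public_ip = public_ip
        self.port = port

    def outbound(self, pkt: Packet, now: float) -> None:
        pass  # nothing to track

    def inbound(self, pkt: Packet, now: float) -> bool:
        return pkt.dst_ip == self.public_ip and pkt.dst_port == self.port


def simulate(nat, timeline):
    """Feed ("out"|"in", Packet, time) events through a policy and return the
    verdict ("accept"/"drop") for each inbound packet, in order."""
    verdicts = []
    for direction, pkt, t in timeline:
        if direction == "out":
            nat.outbound(pkt, t)
        else:
            verdicts.append("accept" if nat.inbound(pkt, t) else "drop")
    return verdicts


# Constructed timeline: A talks to B, B replies ten seconds later, then
# B sends an unsolicited packet a day later (the case the thread describes).
DAY = 24 * 3600
TIMELINE = [
    ("out", Packet(PUBLIC_IP, PEER_IP, UDP_PORT), 0.0),
    ("in", Packet(PEER_IP, PUBLIC_IP, UDP_PORT), 10.0),
    ("in", Packet(PEER_IP, PUBLIC_IP, UDP_PORT), float(DAY)),
]


def compare_policies(timeout_s: float = 180.0):
    """Run the same timeline through both policies; timeout_s is an assumed value."""
    return {
        "client_style": simulate(ClientStyleNat(timeout_s), TIMELINE),
        "server_style": simulate(ServerStyleNat(PUBLIC_IP, UDP_PORT), TIMELINE),
    }


if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(f"{name}: {verdicts}")
```

With the client-style policy the day-later packet from Linux B is dropped because A's entry for B expired long ago; the server-style forward accepts it. That is the distinction worth spelling out to the ISP: a host running a UDP service needs the second kind of rule.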