
Subject: RE: options config...
From: SBNelson,AT,thermeon,DOT,com
Date: Thu, 13 Feb 2003 17:01:30 +0100

> Linux A--------NAT/Firewall---| Internet |-----------Linux B
> 
> I understand what you are saying, but what I don't understand is that
> there is a static IP address mapped to Linux A.  It's not like Linux A
> is a private machine behind a firewall and there is no way to
> communicate with it unless Linux A talks first.  If a day goes by and I
> send a packet to 4.5.6.7, that will be rewritten by the NAT box and sent
> onward to Linux A.  So I don't understand how the NAT box is dropping
> the UDP packet coming from Linux B.  The rule on the firewall supposedly
> says that all packets coming in on 4.5.6.7 for UDP on port xxxx should
> be sent to Linux A.  So I think my case is different.
> 
> I know I'm dealing with a broken firewall/NAT box for the most part but
> I would like to get enough information so that I can tell my ISP that
> basically their NAT box sucks and for them to put my machine directly
> connected with the Internet.  I already have iptables running on the
> machine and I'm sure that I would be fine.  I just need enough info to
> present to them.
> 
> If anyone has any further thoughts on why this might be occurring please
> let me know.
> 
I would make it clear to your ISP that you are running a UDP "server" and
you expect incoming UDP packets that are not related to any outbound packet.

I think they crafted the firewall rules as if you are running a UDP "client"
program -- it automatically adds the outbound destination IP address to
the list of allowable inbound IP addresses, with a timer.
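
The difference between the two rule styles described in this reply, as an added example that is not part of the original message: a toy Python model of a NAT box that either forwards the service port unconditionally ("server" rule) or only admits peers Linux A has recently sent to ("client" rule with a timer). The class and function names, the 30-second timer, port 5000 (standing in for the elided "xxxx") and the 10.0.0.2 and 198.51.100.9 addresses are assumptions; only 4.5.6.7 comes from the thread.

```python
# Added illustration: toy model of the two NAT/firewall policies discussed.
# Names, timer value and sample addresses are constructed assumptions.
from dataclasses import dataclass, field

PUBLIC_IP = "4.5.6.7"      # public address quoted in the thread
LINUX_A = "10.0.0.2"       # constructed private address for Linux A
LINUX_B = "198.51.100.9"   # constructed address for Linux B
SERVICE_PORT = 5000        # placeholder for the elided port "xxxx"
IDLE_TIMEOUT = 30          # assumed state timer, in seconds


@dataclass
class NatBox:
    server_rule: bool                           # True: unconditional forward
    state: dict = field(default_factory=dict)   # (peer ip, port) -> expiry

    def outbound(self, now, dst_ip, dst_port):
        """Linux A sends a datagram: the peer is allowed back until expiry."""
        self.state[(dst_ip, dst_port)] = now + IDLE_TIMEOUT

    def inbound(self, now, src_ip, src_port, dst_ip, dst_port):
        """Return the internal host the datagram reaches, or None if dropped."""
        if (dst_ip, dst_port) != (PUBLIC_IP, SERVICE_PORT):
            return None
        if self.server_rule:
            return LINUX_A                      # no prior outbound needed
        expiry = self.state.get((src_ip, src_port))
        if expiry is None or now > expiry:
            self.state.pop((src_ip, src_port), None)
            return None                         # unsolicited or timed out
        return LINUX_A


def scenario(server_rule):
    """Delivery results for three datagrams sent by Linux B."""
    nat = NatBox(server_rule)
    b = (LINUX_B, SERVICE_PORT)
    to_a = (PUBLIC_IP, SERVICE_PORT)
    delivered = []
    delivered.append(nat.inbound(0, *b, *to_a))       # B speaks first
    nat.outbound(10, *b)                              # A sends to B
    delivered.append(nat.inbound(20, *b, *to_a))      # B replies in time
    delivered.append(nat.inbound(86400, *b, *to_a))   # B sends a day later
    return [host is not None for host in delivered]


if __name__ == "__main__":
    print("client-style rule:", scenario(server_rule=False))
    print("server-style rule:", scenario(server_rule=True))
```

Under the client-style rule only the datagram that follows recent outbound traffic gets through, which matches the symptom in the quoted message.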




