Jeffery,
Thanks a lot for your reply.
I am not sure whether UDP traffic = non-session oriented traffic.Are you
sure about that?If yes,could you please show me some technical source about
that? I agree that DNS is a good example of typical UDP traffic and I also
knew that it could get through the stateful inspection firewall+NAT very
well.
So what's your point is that the stateful inspection firewall+NAT could get
along with the non-session oriented IP traffic well and shouldn't face that
kind problem.
Some other interesting questions:
1,Would the stateful inspection firewall+NAT have some problems with the
website which are applied with a dynamic server farm mechanism or technology
of web load balancing(like yahoo,there have 32 maybe more game
servers(yog0-yog31) to dynamically deal with the requirement for
game.yahoo.com)?
2,If company XX applied the default configuration of the stateful inspetion
firewall (like: Deny all from WAN to LAN,Allow all from LAN to WAN) and
NAT,are there any special websites(applying special upper-layer protocols or
special ports) couldn't be reached by company XX?Did you or any other expert
have the experience on it?
Regards,
Yale
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Monday, October 02, 2000 2:35 PM
To: Ye, Xiaodong; [EMAIL PROTECTED]
Subject: Re: About non-session-oriented IP traffic
Yale,
#1,Who could please show me what kinds of website or applications typically
#include non-session-oriented IP traffic?
Do you mean UDP traffic? DNS would be an example of typical UDP traffic.
#2,Is stateful inspeciton firewall+NAT has the problem with the
#non-session-oriented IP traffic(couldn't get through that firewall+NAT)?
All NAT really does is change the source or destination IP address from one
IP address to another. It usually maintains some sort of table for
changing the return packets in the session back to the correct IP address.
If you have non-session oriented traffic NAT will still change the IP
address without problems.
Regards,
Jeffery Gieser
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
