On Tue, 2022-03-15 at 15:08 -0600, Alberto Leiva wrote:
> > My
> > understanding of that is that ports are not mapped unless >1
> > RFC1918
> > hosts happen to use the same source ports, so "extra" ports are not
> > even necessary until there is such a collision.
>
> Not sure if I understand you correctly, but I don't think that's how
> it works.

Why map a source port if it's not being used by the NATting device, either for itself or for another device? I.e. 192.168.0.1:1234->8.8.8.8:443 should map simply to 204.1.2.4:1234->8.8.8.8:334, assuming that 204.1.2.4 is the external IP address and that port 1234 is not in use by either the NAT device or another 192.168.0.0/24 host. Then your pool of ports is 65535 ports, not just a few thousand.

This is how netfilter seems to do it. Witness:

client-window1$ telnet 1.2.3.4 8888

client-window2$ ss -apn | grep 1.2.3.4
tcp   SYN-SENT   0   1   10.75.22.1:34030   1.2.3.4:8888

nat_router# tcpdump -i eth0.2 -s 0 -n host 1.2.3.4
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
17:38:45.568717 IP 135.23.51.187.34030 > 1.2.3.4.8888: Flags [S], seq 1198725277, win 64240, options [mss 1460,sackOK,TS val 3032196574 ecr 0,nop,wscale 7], length 0
17:38:54.080731 IP 135.23.51.187.34030 > 1.2.3.4.8888: Flags [S], seq 1198725277, win 64240, options [mss 1460,sackOK,TS val 3032205086 ecr 0,nop,wscale 7], length 0

As you can see, nat44 on linux is using the client port that the internal host used as its own client port.

> A mapping needs to be created every time a new source port is used.

Yes, understood. But the entire 64K of ports are usable and only need re-mapping if in use, which should be rare on small internal networks.

> (BTW: BIB binding = BIB entry)

Since I have no idea what BIB is, even BIB entry and BIB binding are equally opaque. But it's probably not important.

> Add "-i ilinx" (without quotes) between "jool" and "bib".

I did try that already, but since it simply repeated the same error with the word ilinx instead of default I didn't think that was the solution:

# jool -i ilinx bib display --tcp --numeric
Error: The kernel module returned error 3: This namespace lacks an instance named 'ilinx'.

Cheers, b.
_______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
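A small model of the port-preserving behaviour the message above describes (keep the internal source port on the external address while it is free, remap only on a collision), added here as an example; it is not code from the thread, from netfilter or from Jool. The Nat44 class, its method names and every address and port in it are constructed for illustration.

```python
# Added example (not from the thread): a minimal NAT44 mapping table that
# behaves as the message describes. An internal (ip, port) pair keeps its
# own source port on the external address while that port is free; only a
# collision with another internal host, or with a port the NAT device
# reserves for itself, forces a remap. All addresses/ports are constructed.

class Nat44:
    """Source-port-preserving NAT44 binding table (hypothetical model)."""

    def __init__(self, external_ip, reserved_ports=(), low=1024, high=65535):
        self.external_ip = external_ip
        self.low, self.high = low, high
        # ports not available: the NAT device's own listeners plus bound ones
        self.in_use = set(reserved_ports)
        self.bindings = {}   # (internal_ip, internal_port) -> external_port
        self.reverse = {}    # external_port -> (internal_ip, internal_port)

    def _pick_free(self):
        # Fallback used only on collision: lowest free port in the range.
        for port in range(self.low, self.high + 1):
            if port not in self.in_use:
                return port
        raise RuntimeError("external port pool exhausted")

    def translate(self, internal_ip, internal_port):
        """Return (external_ip, external_port) for an outbound flow."""
        key = (internal_ip, internal_port)
        if key in self.bindings:                    # existing binding reused
            return self.external_ip, self.bindings[key]
        if internal_port in self.in_use:            # collision -> remap
            external_port = self._pick_free()
        else:                                       # free -> preserve port
            external_port = internal_port
        self.in_use.add(external_port)
        self.bindings[key] = external_port
        self.reverse[external_port] = key
        return self.external_ip, external_port

    def untranslate(self, external_port):
        """Map an inbound reply on external_port back to the internal host."""
        return self.reverse.get(external_port)


def demo():
    nat = Nat44("204.1.2.4", reserved_ports={22})
    first = nat.translate("192.168.0.1", 1234)     # free: port preserved
    second = nat.translate("192.168.0.2", 1234)    # collision: remapped
    third = nat.translate("192.168.0.3", 22)       # NAT's own port: remapped
    return first, second, third, nat.untranslate(second[1])
```

Running demo() shows the first host keeping port 1234 while the colliding host and the one using the reserved port get fresh external ports.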
