On Mon, 25 Mar 2002, Harald Welte wrote: > On Mon, Mar 25, 2002 at 02:48:22PM +0200, Pekka Savola wrote: > > Hi, > > > > > 4) Finally, some NAT map the same internal address and port pair to > > different external address and port pairs, depending on the address > > of the remote host. These NATs are usually called "symmetric NATs". > > > > Measurement campaigns and studies of documentations have shown that > > most NAT implement either option 1 or option 2, i.e. cone NATs or > > restricted cone NATs. The Teredo solution ensures connectivity for > > all NAT types and all configurations, but it is legitimate to seek > > an optimization in the case of cone NAT or restricted cone NATs. > > --8<-- > > > > I'm curious which kind of NAT does Netfilter (and possibly old ipchains > > NAT) use? > > netfilter/iptables uses NAT-style four as described in the above > document.
Thanks for the information Harald. I take it you don't comment on how ipchains/ipfwadm NAT does this? That knowledge would also be very much appreciated as there are still (mostly) 2.2 -kernel boxes around. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords