Hi, Did you read the mail I sent in detail? As I was unable to find information about incoming packet handling in those documents, I must believe you misunderstood my question to be about 'how do I redirect a port in my NAT to an internal host'. Not so.
I was mainly curious about the following: An internal node sends two UDP packets from 10.0.0.1:2000 and 10.0.0.1:2001 to 1.1.1.1:3000 and 1.1.1.2:3001, respectively. The sources of these are mapped in the NAT to 11.0.0.1:20000 and 11.0.0.1:20001. The crux is when someone sends a packet to either of these mapped ports, assuming 11.0.0.1:20000; does the NAT discard the packet if it has source:

- 1.1.1.1:3000 (of course not, always valid before the timeout)
- 1.1.1.1:2999 (source IP ok, sport wrong)
- 1.1.1.2:3001 (source IP in the map but for 10.0.0.1:20001, not :20000)

etc. there are quite a few combinations.

With "public port forwarding", the behaviour must not of course depend on the source address or port.

On Mon, 25 Mar 2002, Henrik Nordstrom wrote:
> Pekka Savola wrote:
>
> > I take it you don't comment on how
> > ipchains/ipfwadm NAT does this? That knowledge would also be very much
> > appreciated as there are still (mostly) 2.2 -kernel boxes around.
>
> The NAT capabilities of Linux-2.2 ipchains are quite limited, only having
> "masquerade" NAT. It maps any number of internal IP addresses to a
> specific portrange on a single external IP address.
>
> There is also a related but similarly limited NAT function in Linux-2.2
> for incoming traffic called PORTFW. It allows you to forward ports on
> the external IP address to designated servers on the inside.
>
> In both cases the NAT is TCP/UDP session aware.
>
> See the Linux IP Masquerade HOWTO for relatively detailed documentation
> of the capabilities and limitations of Linux masquerade NAT (including
> the port forwarding for incoming sessions).
>
> Note: The Linux-2.4 netfilter NAT capabilities are a huge leap forward
> compared to the ipchains/ipfwadm capabilities.
> Regards
> Henrik Nordström
>

--
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
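The combinations asked about in this message, as an added example that is not part of the original mail and is not netfilter or ipchains code: a small Python model that checks each listed source against the three inbound filtering behaviours named in RFC 4787 (endpoint-independent, address-dependent, address-and-port-dependent). The class and function names are hypothetical, and the model makes no claim about which behaviour a particular Linux kernel implements.

```python
# Constructed model of a UDP NAT mapping table (illustration only).
from typing import NamedTuple

class Endpoint(NamedTuple):
    ip: str
    port: int

class Mapping(NamedTuple):
    internal: Endpoint   # private source of the outgoing packet
    external: Endpoint   # public source the NAT allocated for it
    remote: Endpoint     # destination the internal host contacted

# The two mappings described in the message above.
MAPPINGS = [
    Mapping(Endpoint("10.0.0.1", 2000), Endpoint("11.0.0.1", 20000), Endpoint("1.1.1.1", 3000)),
    Mapping(Endpoint("10.0.0.1", 2001), Endpoint("11.0.0.1", 20001), Endpoint("1.1.1.2", 3001)),
]

POLICIES = ("endpoint-independent", "address-dependent", "address-and-port-dependent")

def accepts(policy, dst, src, mappings=MAPPINGS):
    """Return the internal endpoint the packet is forwarded to, or None if dropped."""
    if policy not in POLICIES:
        raise ValueError(policy)
    for m in mappings:
        if m.external != dst:
            continue  # only mappings bound to this public ip:port are candidates
        if policy == "endpoint-independent":
            return m.internal  # any remote source may reach the mapped port
        if policy == "address-dependent" and src.ip == m.remote.ip:
            return m.internal  # remote IP must match, remote port is ignored
        if policy == "address-and-port-dependent" and src == m.remote:
            return m.internal  # remote IP and port must both match
    return None

def verdicts(dst, sources):
    """Map each source to {policy: forwarded?} for packets sent to dst."""
    return {s: {p: accepts(p, dst, s) is not None for p in POLICIES} for s in sources}

if __name__ == "__main__":
    dst = Endpoint("11.0.0.1", 20000)
    cases = [Endpoint("1.1.1.1", 3000), Endpoint("1.1.1.1", 2999), Endpoint("1.1.1.2", 3001)]
    for src, row in verdicts(dst, cases).items():
        print(f"{src.ip}:{src.port} -> {row}")
```
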