On Wed, 2021-06-02 at 17:29 -0400, Martin Peach wrote:
> 
> What is/are the issue{s} with firewall + NAT? Asking because I never
> used either, I only ever use them on a LAN.

From what I know, NAT firewalls forward packets coming back from a
public server only when previously a matching packet was sent from the
client behind the firewall. They remember src and dst address of the
outgoing packets and forward packets from the server (with reverse src
and dst address) back to the client. If the client doesn't send
anything for a certain while, the firewall "forgets" about the
"connection". 

Client sends packet:
UDP(src:(192.168.1.33:55444) dst:(195.176.247.12:3025))

Firewall translates this to:
UDP(src:(81.4.3.1:55444) dst:(195.176.247.12:3025))

Server responds:
UDP(src:(195.176.247.12:3025) dst:(81.4.3.1:55444))

Firewall looks it up in its translation table and forwards it
to the local client:
UDP(src:(195.176.247.12:3025) dst:(192.168.1.33:55444))

If the server uses a different src address (for instance, different
port), the firewall simply discards the packet because it doesn't match
anything in its lookup table. 

Also, some firewalls also translate the port number. Many try to keep
the port number, but that's not always possible, if - for example - two
different local clients use the same bind port for a connection to the
same destination address.

Roman
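The translation-table behaviour Roman walks through above, as an added Python model that is not code from the thread: a simulated stateful UDP NAT that creates an entry on an outbound packet, forwards an inbound packet only if it matches that entry, forgets idle entries, and rewrites the source port when two local clients bind the same port toward the same server (addresses reuse the examples above; the 30-second idle timeout and the port-picking rule are assumptions).

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Minimal UDP header view: who sent it and where it is going."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatFirewall:
    """Connection-tracking NAT as described in the thread (simplified model)."""

    def __init__(self, public_ip, timeout=30.0):
        self.public_ip = public_ip
        self.timeout = timeout          # idle seconds before an entry is forgotten (assumed)
        self.entries = {}               # local 4-tuple -> public source port
        self.reverse = {}               # (public port, server ip, server port) -> local 4-tuple
        self.last_seen = {}             # local 4-tuple -> time of last packet either way

    def _expire(self, now):
        """Drop entries the firewall has not seen traffic on for `timeout` seconds."""
        for key, seen in list(self.last_seen.items()):
            if now - seen > self.timeout:
                pub = self.entries.pop(key)
                del self.reverse[(pub, key[2], key[3])]
                del self.last_seen[key]

    def outbound(self, pkt, now):
        """Client -> server: record the mapping and rewrite the source address."""
        self._expire(now)
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.entries:
            pub = pkt.src_port          # prefer keeping the client's port...
            while (pub, pkt.dst_ip, pkt.dst_port) in self.reverse:
                pub = 1024 if pub >= 65535 else pub + 1   # ...unless another client already holds it
            self.entries[key] = pub
            self.reverse[(pub, pkt.dst_ip, pkt.dst_port)] = key
        self.last_seen[key] = now
        return replace(pkt, src_ip=self.public_ip, src_port=self.entries[key])

    def inbound(self, pkt, now):
        """Server -> client: forward only if the reversed addresses match a table entry."""
        self._expire(now)
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.reverse.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if key is None:
            return None                 # no matching outbound packet seen: discarded
        self.last_seen[key] = now
        return replace(pkt, dst_ip=key[0], dst_port=key[1])
```

A reply from a different server port (or after the idle timeout) returns None, which is the "discarded" case in the explanation above.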
