[OT]Re: logging remote IP address

2005-01-29 Thread Parsons Technical Services


From: Dakota Jack [mailto:[EMAIL PROTECTED]
Subject: Re: logging remote IP address
The IP address that is exposed to the public, which is
the one I use, has to be different or there would be no
way to get back to the client machine.
Charles Wrote:
Not true - the combination of IP address and PORT must be unique, not just 
the IP address.  This is the essence of how NAT and proxies work.

To expand on this, the job of a nat or pat device is not only to re-write 
the IP in the packet, for as you say the packet would never return to the 
user, but to also keep track of all the connections established outbound 
and where they come from on the inside.

When you make a request you send out a packet. Its destination is port 80 
but the source on your machine may be any upper port. So it could look like:

Source
192.168.10.31  port 14984
Destination
206.67.68.2   port 80
When the pat/nat device gets done
Source
67.34.126.21 port 44543
Destination
206.67.68.2   port 80
What is critical is that the pat/nat device remembers that:
192.168.10.31  port 14984
equals
67.34.126.21 port 44543
and thus reverses the changes in the packet.
If another machine goes out it will get a unique port and thus the pat/nat 
device can keep track of which one is which.

As for what is nat and pat.
nat: Network address translation. All inside addresses are converted to one 
(Masquerade) outside address or one inside address is translated into a 
specific outside address. With the latter your client will always have the 
same address.

pat: pooled address translation. Same as Masquerade but done with a pool of 
addresses to support more clients.

Hope this helps.
Doug
PS I think we left the pavement a long time ago, and thus this would be off 
topic.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
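
The translation table described in the message above, as an added Python example that is not part of the original posts. The class and function names, the second inside client (192.168.10.32) and the sequential outside-port allocation are assumptions for illustration; a real device also keys on protocol and destination.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class PatDevice:
    """Toy masquerade table: many inside endpoints share one outside IP."""

    def __init__(self, outside_ip: str, first_port: int = 44543) -> None:
        self.outside_ip = outside_ip
        self.next_port = first_port  # assumption: ports handed out sequentially
        self.out_map: Dict[Endpoint, Endpoint] = {}  # inside -> outside
        self.in_map: Dict[Endpoint, Endpoint] = {}   # outside -> inside

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite the source of an outgoing packet and remember the mapping."""
        if src not in self.out_map:
            mapped = (self.outside_ip, self.next_port)
            self.next_port += 1
            self.out_map[src] = mapped
            self.in_map[mapped] = src
        return self.out_map[src], dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Reverse the rewrite on a reply; None means no mapping, so drop it."""
        inside = self.in_map.get(dst)
        return None if inside is None else (src, inside)


def demo() -> dict:
    server = ("206.67.68.2", 80)
    pat = PatDevice("67.34.126.21")
    # First client is the one from the message; the second is constructed.
    a_src, _ = pat.outbound(("192.168.10.31", 14984), server)
    b_src, _ = pat.outbound(("192.168.10.32", 14984), server)
    return {
        "seen_by_server": [a_src, b_src],
        "same_ip": a_src[0] == b_src[0],
        "reply_a_to": pat.inbound(server, a_src)[1],
        "reply_b_to": pat.inbound(server, b_src)[1],
        "unsolicited": pat.inbound(server, ("67.34.126.21", 50000)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both clients reach the server from 67.34.126.21, so a server log that records only the remote IP cannot tell them apart; the source port recorded alongside a timestamp is what lets the operator of the translating device match a log entry back to an inside host.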


Re: [OT]Re: logging remote IP address

2005-01-29 Thread Dakota Jack
snip
On Sat, 29 Jan 2005 22:58:01 -0500, Parsons Technical Services 
 Not true - the combination of IP address and PORT must be unique, not just
 the IP address.  This is the essence of how NAT and proxies work.
/snip

Yes, once again, I agree with this.  

Jack

-- 
You can lead a horse to water but you cannot make it float on its back.

~Dakota Jack~

You can't wake a person who is pretending to be asleep.

~Native Proverb~

Each man is good in His sight. It is not necessary for eagles to be
crows.  We are poor . . . but we are free.

~Hunkesni (Sitting Bull), Hunkpapa Sioux~
