On Monday, September 17, 2007 at 21:58:44 +0200, Jan Hoevers wrote:
> I see little harm in a stateless NAT setup, no tables to overflow, just

If your router does a translation but doesn't keep state, then how do you make sure the port numbers of the reply match the port numbers of the query?

For example: you get a query from IP 1.2.3.4 port 1234 to your router's external IP of 8.7.6.5 on port 123. This translates to 10.0.0.1 port 123. So far, so good. The reply from your server has destination 1.2.3.4 port 1234 and source 10.0.0.1 port 123. Your router needs to translate the source address and will probably also translate the source port, in case there is no state. End result: the client ignores the reply, because the source port doesn't match with the query it had sent.

You might get away with it, if you can prevent the source port of the reply packet from being translated.

Maurice
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
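
Added example, not part of the original message: a small Python model of the packet flow described above, comparing a stateless router that rewrites the reply's source port with one that leaves it alone. The addresses and ports are the ones used in the message; `remapped_port` and all function names are assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

EXTERNAL_IP = "8.7.6.5"   # router's external address (from the message)
SERVER_IP = "10.0.0.1"    # internal time server (from the message)
NTP_PORT = 123

def dnat_inbound(pkt):
    """Static, stateless rule: external:123 is forwarded to the server:123."""
    if pkt.dst_ip == EXTERNAL_IP and pkt.dst_port == NTP_PORT:
        return pkt._replace(dst_ip=SERVER_IP)
    return pkt

def server_reply(query):
    """The server answers by swapping source and destination."""
    return Packet(query.dst_ip, query.dst_port, query.src_ip, query.src_port)

def snat_outbound(pkt, preserve_port, remapped_port=40001):
    """Stateless source rewrite on the way out.

    remapped_port is a constructed value standing in for whatever port a
    port-translating router would pick without a state table to consult.
    """
    new_port = pkt.src_port if preserve_port else remapped_port
    return pkt._replace(src_ip=EXTERNAL_IP, src_port=new_port)

def client_accepts(query, reply):
    """The client only accepts a reply that mirrors the query's 4-tuple."""
    return (reply.src_ip, reply.src_port, reply.dst_ip, reply.dst_port) == (
        query.dst_ip, query.dst_port, query.src_ip, query.src_port)

def round_trip(preserve_port):
    """Send one query through the router and back; return (reply, accepted)."""
    query = Packet("1.2.3.4", 1234, EXTERNAL_IP, NTP_PORT)
    reply = snat_outbound(server_reply(dnat_inbound(query)), preserve_port)
    return reply, client_accepts(query, reply)

if __name__ == "__main__":
    for preserve in (False, True):
        reply, ok = round_trip(preserve)
        print(f"preserve_port={preserve}: reply from "
              f"{reply.src_ip}:{reply.src_port} accepted={ok}")
```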
