[EMAIL PROTECTED] wrote on 18-9-2007 8:59: > 3) Router forwards packet to 10.10.10.10#123 WITHOUT changing ANYTHING in > the IP headers. The destination address is of course changed in the IP headers. The important thing is that both source and destination port number remain untouched.
The rest of your explanation seems perfect to me. I believe it's even possible to have more than one ntp server behind one nat this way (tough only one public), as long as the state of the others is kept the regular way. When a packet comes in, the nat device checks the table, any "unexpected" packets (not in the table) are forwarded to the public ntp server. This forwarding of unexpected packets can of course be considered a security problem. Additional filtering may be desired. Jan _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
