From: Dakota Jack [mailto:[EMAIL PROTECTED]
Subject: Re: logging remote IP address

The IP address that is exposed to the public, which is
the one I use, has to be different or there would be no
way to get back to the client machine.
Charles wrote:
"Not true - the combination of IP address and PORT must be unique, not just the IP address. This is the essence of how NAT and proxies work."


To expand on this, the job of a NAT or PAT device is not only to rewrite the IP in the packet (for, as you say, the packet would never return to the user), but also to keep track of all the connections established outbound and where they come from on the inside.

When you make a request you send out a packet. Its destination is port 80, but the source on your machine may be any upper port. So it could look like:

Source
192.168.10.31  port 14984

Destination
206.67.68.2   port 80

When the PAT/NAT device gets done:

Source
67.34.126.21 port 44543

Destination
206.67.68.2   port 80

What is critical is that the PAT/NAT device remembers that:

192.168.10.31  port 14984
equals
67.34.126.21 port 44543

and thus reverses the changes in the packet.

If another machine goes out it will get a unique port, and thus the PAT/NAT device can keep track of which one is which.

As for what NAT and PAT are:

NAT: Network address translation. All inside addresses are converted to one (masquerade) outside address, or one inside address is translated into a specific outside address. With the latter your client will always have the same address.

PAT: pooled address translation. Same as masquerade but done with a pool of addresses to support more clients.

Hope this helps.

Doug

PS I think we left the pavement a long time ago, and thus this would be off topic.
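As an added example (not part of Doug's post or anyone's product), here is a small Python model of the translation table he describes, using the addresses from the post; the Packet class and the sequential outside-port allocator are my own assumptions, not how any particular device picks ports.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatDevice:
    """Masquerade-style NAT/PAT: every inside host shares one outside IP,
    and each outbound connection is told apart by a unique outside port."""

    def __init__(self, outside_ip, first_port=44543):
        self.outside_ip = outside_ip
        self._next_port = first_port          # assumed allocator (sequential)
        self._out = {}    # (inside_ip, inside_port) -> outside_port
        self._back = {}   # outside_port -> (inside_ip, inside_port)

    def outbound(self, pkt):
        """Rewrite the source of an outgoing packet and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        port = self._out.get(key)
        if port is None:                       # new flow: pick a fresh port
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._back[port] = key
        return replace(pkt, src_ip=self.outside_ip, src_port=port)

    def inbound(self, pkt):
        """Reverse the rewrite for a reply; drop anything with no state."""
        key = self._back.get(pkt.dst_port)
        if pkt.dst_ip != self.outside_ip or key is None:
            return None                        # unsolicited: no mapping, drop
        return replace(pkt, dst_ip=key[0], dst_port=key[1])

def demo():
    """Walk the exchange from the post with constructed packets."""
    nat = NatDevice("67.34.126.21")
    req = Packet("192.168.10.31", 14984, "206.67.68.2", 80)
    out = nat.outbound(req)                     # 67.34.126.21:44543 -> web
    reply = Packet("206.67.68.2", 80, out.src_ip, out.src_port)
    back = nat.inbound(reply)                   # restored to 192.168.10.31
    # A second inside host using the same source port still gets its own
    # outside port, so the device can tell the two flows apart.
    other = nat.outbound(Packet("192.168.10.45", 14984, "206.67.68.2", 80))
    return out, back, other
```

The `inbound` path also shows why a stateful NAT only passes replies to flows it has a mapping for: a packet arriving at an outside port with no entry is dropped.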