* [IPTABLES] Symmetric NAT?
@ 2005-10-14 12:10 Olivier GRALL
2005-10-16 14:33 ` Harald Welte
0 siblings, 1 reply; 3+ messages in thread
From: Olivier GRALL @ 2005-10-14 12:10 UTC (permalink / raw)
To: netfilter-devel
Hi,
I was making some tests with STUN when I realize that my NAT box was a
simple Linux Box with an IPTABLES rule with a MASQ target. What seemed
strange to me was that the STUN result was "Port restricted cone ".
I made a new with NATcheck.exe... same result.
http://midcom-p2p.sourceforge.net/
I was sure IPTABLES NAT was Symmetric and not Port restricted cone. What
about it ?
In the "Procceding of NetFilter Developer WorkShop 2004", Harald Welte
reported "
netfilter however implements (SNAT and MASQ) as ssymmetric.
"
For me, with MASQ it is Port restricted cone and with SNAT+DNAT it is
Symmetric. Is it true ?
Thanx,
--
Olivier GRALL
R&D Engineer *NeoTIP** S.A.*
4, rue Louis de Broglie
22300 Lannion
France
olivier.grall@neotip.com <mailto:olivier.grall@neotip.com> +33 (0)2 96
48 66 94
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [IPTABLES] Symmetric NAT?
2005-10-14 12:10 [IPTABLES] Symmetric NAT? Olivier GRALL
@ 2005-10-16 14:33 ` Harald Welte
0 siblings, 0 replies; 3+ messages in thread
From: Harald Welte @ 2005-10-16 14:33 UTC (permalink / raw)
To: Olivier GRALL; +Cc: netfilter-devel
On Fri, Oct 14, 2005 at 02:10:46PM +0200, Olivier GRALL wrote:
> Hi,
>
> I was making some tests with STUN when I realize that my NAT box was a simple Linux Box with an IPTABLES
> rule with a MASQ target. What seemed strange to me was that the STUN result was "Port restricted cone ".
>
> I made a new with NATcheck.exe... same result.
> http://midcom-p2p.sourceforge.net/
>
> I was sure IPTABLES NAT was Symmetric and not Port restricted cone. What about it ?
> In the "Procceding of NetFilter Developer WorkShop 2004", Harald Welte reported "
>
> netfilter however implements (SNAT and MASQ) as ssymmetric.
> "
iptable_nat implements a fully symmetric port-overloading NAT.
--
- Harald Welte <laforge@netfilter.org> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
^ permalink raw reply [flat|nested] 3+ messages in thread
* [IPTABLES] Symmetric NAT ?
@ 2005-10-18 7:07 Olivier GRALL
0 siblings, 0 replies; 3+ messages in thread
From: Olivier GRALL @ 2005-10-18 7:07 UTC (permalink / raw)
To: netfilter
Hi,
I was making some tests with STUN when I realize that my NAT box was a
simple Linux Box with an IPTABLES rule with a MASQ target. What seemed
strange to me was that the STUN result was "Port restricted cone ".
I made a new with NATcheck.exe... same result.
http://midcom-p2p.sourceforge.net/
I was sure IPTABLES NAT was Symmetric and not Port restricted cone. What
about it ?
In the "Procceding of NetFilter Developer WorkShop 2004", Harald Welte
reported "
netfilter however implements (SNAT and MASQ) as ssymmetric.
"
For me, with MASQ it is Port restricted cone and with SNAT+DNAT it is
Symmetric. Is it true ?
Thanx,
--
Olivier GRALL
R&D Engineer *NeoTIP** S.A.*
4, rue Louis de Broglie
22300 Lannion
France
olivier.grall@neotip.com <mailto:olivier.grall@neotip.com> +33 (0)2 96
48 66 94
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-10-18 7:07 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-10-18 7:07 [IPTABLES] Symmetric NAT ? Olivier GRALL
-- strict thread matches above, loose matches on Subject: below --
2005-10-14 12:10 [IPTABLES] Symmetric NAT? Olivier GRALL
2005-10-16 14:33 ` Harald Welte
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.