netfilter.vger.kernel.org archive mirror
From: Jim Carter <jimc@math.ucla.edu>
To: Nathan Whittacre <nathan@stimulustech.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Connection Tracking
Date: Wed, 8 Oct 2003 11:09:40 -0700 (PDT)
Message-ID: <Pine.LNX.4.53.0310081100450.18217@simba.math.ucla.edu>
In-Reply-To: <3F844C62.5080804@stimulustech.com>

On Wed, 8 Oct 2003, Nathan Whittacre wrote:
> We do have control over the Nat box.  It is a custom Linux router that
> we put in for these clients.  The biggest problem with the DNATing to a
> specific internal IP is that several client computers will want to use
> it at different times.  So, I don't want to have to change the DNATing
> every time a different computer wants to connect.

Bummer.  You might plagiarize the code from the FTP helper module,
designating the return connection to the NAT box's port 1066 as "related",
which you would then allow through the firewall and which would be
de-NATted so it went to whichever client the original connection belonged
to.  It would be a whole lot easier if the client would accept the return
connection from an arbitrary source port (not just the mainframe's 1066),
so you won't have to think about conntracks hanging around, if a connection
shuts down uncleanly -- as far as the helper module is concerned,
arbitrarily many clients can use the service at once, with different source
ports, even if there's a limit at the mainframe.

But I've never actually tried doing this kind of thing.  Other people on
the list, however, do seem to successfully make special modules.  "Let's
you and him fight" :-)

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Email: jimc@math.ucla.edu    http://www.math.ucla.edu/~jimc (q.v. for PGP key)

