From: Sharevon <sharevon@gmail.com>
To: netfilter@vger.kernel.org
Subject: What's the default NAT type by using MASQUERADE target.
Date: Fri, 18 Dec 2009 14:28:22 +0800
Message-ID: <a4ece3070912172228j734a9a74yeb7f6f99640192d1@mail.gmail.com>
Hi,
Look at this topology.
                192.168.1.1         10.0.0.1   10.0.0.2      172.0.0.1
------------          -------------------          --------------          ------------
|   PC 1   |----------|   NAT (linux)   |----------|   router   |----------|   PC 2   |
------------          -------------------          --------------          ------------
192.168.1.100                                                              172.0.0.100
Configure "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" on
NAT(linux) with two different kernel versions.
On PC1, ping 172.0.0.100 -t 3, PC2 can be reached with both kernel versions.
ping 172.0.0.100 -t 2, I got 2 different results with the 2 different
kernel versions on NAT(linux).
I got a ttl-expired icmp response from the router with the old version, but got
no response at all with the upgraded kernel version.
No matter which kernel version is used, the router sends a ttl-expired icmp
response from 10.0.0.2 to 10.0.0.1. It's forwarded to the internal
network by the old version kernel, but considered as traffic to the
local process by the upgraded version kernel.
Notice that ping 172.0.0.100 -t 3 works well in both cases.
It seems like the old version performed as a Cone NAT, while the
upgraded one performed as a symmetric NAT. So, what's the default NAT
type if I set the rule as "iptables -t nat -A POSTROUTING -o eth0 -j
MASQUERADE": full cone NAT, port restricted cone NAT, restricted cone
NAT, or symmetric NAT? Is this configurable? If it's configurable,
how do I do that?
Thanks.
Sean.