UDP, TCP, and NAT (was: ...)

Ben Scott dragonhawk at gmail.com
Fri Jul 13 09:25:59 EDT 2007


On 7/12/07, Ben Scott <dragonhawk at gmail.com> wrote:
>   Every dynamic NAT implementation I've ever used, ever, did this.
> Heck, Linux 2.0 could do it, so long as you didn't want a firewall,
> too.  Can you find me any dynamic NAT implementation which *doesn't*
> handle UDP?

  Bit of clarification on my terminology here: I'm specifically
talking about dynamic one-to-many translation of both addresses and
port numbers.  Some call this "NAPT" (Network Address/Port
Translation).

  Any kind of one-to-one translation of addresses (either static or
dynamic) will, of course, support UDP and almost everything else.
The only things that break down are application protocols which derive
return IP addresses from the payload.

>>   By your own statement, explain then why NAT routers need to do
>> 'funny things' with very basic UDP based services, like DNS.
>
>   They don't.  I have never had to do application-layer inspection
> with DNS.  Nor NTP.  Fire up WireShark and look at the packets if you
> don't believe me.

... and correlate what you see with WireShark to what the Linux
NetFilter source does.  Find me any code that does anything beyond
port number rewriting just to make DNS work, and I'll gladly eat crow
(provided you provide sanitary, cooked crow meat for me to eat).

-- Ben
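The translation the post describes (NAPT: a stateful box that rewrites only the source address and port of outbound UDP, maps replies back by their destination port, and never looks at the DNS payload) as an added Python illustration. This is not code from the thread or from the Linux Netfilter code base; the addresses, the external-port allocation starting at 1024, the minimal DNS query builder and the stub resolver are all assumptions constructed for the example. It also shows two inside hosts using the same source port being given distinct external ports, and an unsolicited inbound datagram with no mapping being dropped.

```python
"""Toy NAPT (dynamic one-to-many address/port translation) for UDP.

Added illustration, not the thread's or Netfilter's code. Packets are
plain objects constructed inline; no sockets are opened.
"""
import struct
from dataclasses import dataclass

# Constructed addresses: RFC 1918 inside, documentation ranges outside.
INSIDE_HOSTS = ["192.168.1.10", "192.168.1.11"]
PUBLIC_IP = "203.0.113.5"
DNS_SERVER = "198.51.100.53"


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class Napt:
    """Stateful translator: rewrites addresses and port numbers, nothing else."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port          # assumed allocation policy
        self.outbound = {}  # (proto, inside_ip, inside_port) -> external port
        self.inbound = {}   # (proto, external port) -> (inside_ip, inside_port)

    def translate_out(self, pkt):
        """Inside -> outside: allocate (or reuse) an external port for this flow."""
        key = (pkt.proto, pkt.src, pkt.sport)
        ext_port = self.outbound.get(key)
        if ext_port is None:
            ext_port = self.next_port
            self.next_port += 1
            self.outbound[key] = ext_port
            self.inbound[(pkt.proto, ext_port)] = (pkt.src, pkt.sport)
        # Payload is copied through untouched; no application-layer inspection.
        return Packet(pkt.proto, self.public_ip, ext_port, pkt.dst, pkt.dport, pkt.payload)

    def translate_in(self, pkt):
        """Outside -> inside: look the reply up by destination port, else drop."""
        inside = self.inbound.get((pkt.proto, pkt.dport))
        if inside is None:
            return None  # no mapping: unsolicited inbound datagram is dropped
        inside_ip, inside_port = inside
        return Packet(pkt.proto, pkt.src, pkt.sport, inside_ip, inside_port, pkt.payload)


def build_dns_query(txid, name):
    """Minimal DNS A query (12-byte header + one question), constructed here."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)             # QTYPE=A, QCLASS=IN


def dns_server_reply(pkt):
    """Stub resolver: echoes the question with the QR bit set (no answer records)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt.payload[:12])
    reply = struct.pack("!HHHHHH", txid, flags | 0x8000, qd, an, ns, ar) + pkt.payload[12:]
    # The resolver only ever sees public_ip:ext_port and replies to that.
    return Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport, reply)


def run_dns_exchange():
    """Two inside hosts query DNS from the same source port through one NAPT."""
    nat = Napt(PUBLIC_IP)
    results = {}
    for txid, host in enumerate(INSIDE_HOSTS, start=0x1000):
        query = Packet("udp", host, 53000, DNS_SERVER, 53, build_dns_query(txid, "example.com"))
        outside = nat.translate_out(query)   # only src addr/port rewritten
        reply = dns_server_reply(outside)    # answered to the public address
        back = nat.translate_in(reply)       # dst rewritten back to the inside host
        rtxid, rflags = struct.unpack("!HH", back.payload[:4])
        results[host] = (outside.src, outside.sport, back.dst, back.dport, rtxid, rflags)
    # A datagram to a port with no mapping never reaches the inside.
    stray = Packet("udp", DNS_SERVER, 53, PUBLIC_IP, 9999)
    results["unsolicited_dropped"] = nat.translate_in(stray) is None
    return results


if __name__ == "__main__":
    for k, v in run_dns_exchange().items():
        print(k, v)
```

Each inside flow keeps its own (address, port) pair behind a single public address, the resolver's reply carries the same transaction ID and the QR bit the stub set, and nothing in the translator parsed the DNS message: the port mapping alone is what makes the exchange work.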
