UDP, TCP, and NAT (was Thomas is a doodoo head)
Thomas Charron
twaffle at gmail.com
Fri Jul 13 18:21:08 EDT 2007
On 7/13/07, Thomas Charron <twaffle at gmail.com> wrote:
> > >> By your own statement, explain then why NAT routers need to do
> > >> 'funny things' with very basic UDP based services, like DNS.
> > > They don't. I have never had to do application-layer inspection
> > > with DNS. Nor NTP. Fire up WireShark and look at the packets if you
> > > don't believe me.
> > ... and correlate what you see with WireShark to what the Linux
> > NetFilter source does. Find me any code that does anything beyond
> > port number rewriting just to make DNS work, and I'll gladly eat crow
> > (provided you provide sanitary, cooked crow meat for me to eat).
> You are correct, Linux NetFilter *does* operate in the case of DNS
> as you say. But others do not, and will actually maintain state
> information based on the serial number of the DNS request contained
> inside the UDP packet.
Clarification. When I sent that, I knew it sounded wrong. I meant
NOT the request 'serial number' but the request sequence number.
--
-- Thomas
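The two NAT behaviours the thread contrasts (plain port rewriting versus a NAT that also keys its state on the DNS transaction ID carried inside the UDP payload), as an added illustration that is not part of the original thread; the `UdpNat` class, the addresses and the DNS IDs are all constructed for this example.

```python
import struct
from dataclasses import dataclass, field

DNS_PORT = 53

def dns_header(txid: int, flags: int) -> bytes:
    """Build a minimal 12-byte DNS header (RFC 1035) with one question slot."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

def dns_txid(payload: bytes) -> int:
    """The transaction ID is the first 16 bits of the DNS header."""
    if len(payload) < 12:
        raise ValueError("DNS header is 12 bytes")
    return struct.unpack("!H", payload[:2])[0]

@dataclass
class UdpNat:
    """Toy UDP conntrack. With inspect_dns=False it does only what the thread
    credits NetFilter with: rewrite the source port and remember the tuple.
    With inspect_dns=True it behaves like the 'other' NATs described, adding
    the DNS transaction ID to the state key for port-53 traffic."""
    public_ip: str
    inspect_dns: bool = False
    table: dict = field(default_factory=dict)
    next_port: int = 40000  # constructed starting point for the port pool

    def outbound(self, src_ip, src_port, dst_ip, dst_port, payload):
        """Translate an inside->outside datagram; returns the rewritten 4-tuple."""
        pub_port = self.next_port
        self.next_port += 1
        key = (pub_port, dst_ip, dst_port)
        if self.inspect_dns and dst_port == DNS_PORT:
            key += (dns_txid(payload),)
        self.table[key] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, payload):
        """Map an outside->inside datagram back to (inside_ip, inside_port),
        or None when no state entry matches (the datagram would be dropped)."""
        key = (dst_port, src_ip, src_port)
        if self.inspect_dns and src_port == DNS_PORT:
            key += (dns_txid(payload),)
        return self.table.get(key)
```

A reply whose ID differs from the query's is forwarded by the port-only NAT but dropped by the inspecting one, which is exactly the state difference the thread is arguing about.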