RE: [NAT] NAT question

"Tim Dorcey" <Tim.Dorcey@eyematic.com> Thu, 23 August 2001 00:41 UTC

Subject: RE: [NAT] NAT question
Date: Wed, 22 Aug 2001 17:36:36 -0700
From: Tim Dorcey <Tim.Dorcey@eyematic.com>
To: Matt Alexander <m@netpro.to>, nat@ietf.org

I don't know about TCP, but with UDP, "IP Masquerade" (Linux) will
forward the UDP packet to the proper destination, but without
translating the source address.  This means the server reply will go
directly back to the client private IP, rather than through the NAT.  I
guess this is more efficient routing, but would confuse most protocols,
since the reply is coming from the server private IP, rather than the
NAT address it was sent to.  If it does the same thing with TCP, that
would explain the problem.  Not sure if there is any reason why it works
this way, or if it just turned out that way.  It would seem to be more
sensible if the NAT treated all packets addressed to the external
address the same, whether they originate internally or externally.  If
you want more efficient routing, THEN make sure the clients on the
private network use the server's private IP in the first place.

Tim
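As an added illustration (not part of Tim's or Matt's messages), the following Python model walks through the scenario in the quoted question: a LAN client connects to the NAT's external address, which is port-forwarded to the web server. It shows why translating only the destination lets the server's reply bypass the NAT and arrive from the wrong source, and how also translating the client's source (so the reply is forced back through the NAT) fixes it. All addresses, ports and class names are constructed for the example.

```python
from dataclasses import dataclass, replace

# Constructed addresses: NAT external address, web server and client on the LAN.
EXT_IP, SERVER_IP, CLIENT_IP = "198.51.100.1", "10.0.0.80", "10.0.0.50"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    """Port-forwards EXT_IP:80 to SERVER_IP. With hairpin=True the NAT also
    rewrites the source of LAN clients, so the server must reply via the NAT."""

    def __init__(self, hairpin: bool):
        self.hairpin = hairpin
        self.conns = {}  # server-side (src, sport, dst, dport) -> client's packet

    def forward(self, p: Packet) -> Packet:
        """Packet addressed to the external address, from either side."""
        if (p.dst, p.dport) != (EXT_IP, 80):
            return p
        out = replace(p, dst=SERVER_IP)
        if self.hairpin and p.src.startswith("10."):
            out = replace(out, src=EXT_IP)  # real NATs also pick a free port here
        self.conns[(out.dst, out.dport, out.src, out.sport)] = p
        return out

    def reply(self, p: Packet) -> Packet:
        """Server reply that reaches the NAT: undo the translation."""
        orig = self.conns.get((p.src, p.sport, p.dst, p.dport))
        return p if orig is None else Packet(EXT_IP, 80, orig.src, orig.sport)


def client_connect(hairpin: bool):
    """Client sends to EXT_IP:80; return (reply accepted?, packet the client saw)."""
    nat = Nat(hairpin)
    syn = Packet(CLIENT_IP, 40000, EXT_IP, 80)
    at_server = nat.forward(syn)
    server_reply = Packet(SERVER_IP, 80, at_server.src, at_server.sport)
    # The server routes directly to a LAN destination; only a reply addressed to
    # EXT_IP goes back through the NAT (the behaviour Tim describes above).
    seen = nat.reply(server_reply) if server_reply.dst == EXT_IP else server_reply
    # The client only accepts a reply from the address:port it connected to.
    return (seen.src, seen.sport) == (syn.dst, syn.dport), seen
```

Without hairpin translation the client sees a reply from 10.0.0.80 instead of 198.51.100.1 and drops it; with it, the reply is rewritten back to the expected external address.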

> -----Original Message-----
> From: Matt Alexander [mailto:m@netpro.to]
> Sent: Wednesday, August 22, 2001 5:15 PM
> To: nat@ietf.org
> Subject: [NAT] NAT question
> 
> 
> I have a question about NAT (IP Masq) that I've wondered about...
> Let's say you have a setup like this:
> 
> 
>      Internet
>      --------
>         |
>         |
>         |
>      |-----|
>      | NAT |
>      |-----|
>         |
>         |
>      |-----|       |------|
>      | HUB |-------| Web  |
>      |-----|       |Server|
>         |          |------|
>         |
>     |--------|
>     | client |
>     |--------|
> 
> 
> The NAT box is also port-forwarding any requests on the external interface
> for port 80 to the Web server.  The web server and the client boxes have
> private IP addresses.  Users connecting from the Internet are able to
> access the Web server without any problems, but if a user sitting on the
> internal network on the client box tries to access the web server, it
> will do a lookup and get the external IP address of the NAT box, and the
> connection to the web server will fail.  In the past I've dealt with this
> situation by either putting the web server's private IP address in all the
> clients' hosts files, or I've set up a DNS server on the internal network.
> So my question is, why does NAT fail in this situation?  Why doesn't the
> client's request get redirected back to the web server?  I'm fairly
> comfortable with TCP/IP so feel free to get as detailed as possible.
> Thanks,
> ~M

_______________________________________________
nat mailing list
nat@ietf.org
http://www1.ietf.org/mailman/listinfo/nat