On Tue, 7 Apr 2009, Hugo Miguel Mendes wrote:

> What I mean with Full Cone NAT is the following:
>
> 1. A packet is sent from a machine in the LAN from Address1:port100 to a
> machine in the WAN with Address3:port200, the NAT converts the local
> Address1:port100 to Address2:port100 which is the address assigned to
> the home router by the ISP. So this packet is sent with source:
> Address2:port100 and destination: Address3:port200.
> 2. The packet received by the machine in the WAN in 1) is processed and
> then the answer comes from a different machine with a different address
> but using the same ports. So the response packet is sent by
> Address4:port200 to Address2:port100. So this packet has source:
> Address4:port200 and destination: Address2:port100.
> 3. When the home router receives the response packet it has to ignore
> the sending address in the matching table, so that all traffic received
> in Address2:port100 is simply forwarded to Address1:port100. This is just
> a Full Cone NAT.

I answered you on Thu, 2 Apr 2009 when you asked the same question on the
netfilter mailing list. The answer hasn't changed since then: currently
there's no way to create full cone NAT. It might be possible to write a
new full cone NAT target by creating wildcard expectations.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
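
Added example, not part of the original message and not netfilter code: a minimal Python model of the three steps in the quoted question. It contrasts inbound matching on the full remote endpoint (the way connection tracking treats a flow) with the full cone behaviour being asked for. The class and function names, and Address5 as an unrelated sender, are assumptions made for illustration.

```python
# Added illustration: toy model of inbound NAT filtering (not netfilter code).
from typing import NamedTuple, Optional


class Endpoint(NamedTuple):
    addr: str
    port: int


class Nat:
    """Port-preserving source NAT with a selectable inbound filtering policy."""

    def __init__(self, public_addr, full_cone):
        self.public_addr = public_addr
        self.full_cone = full_cone
        self.mappings = {}  # public port -> (internal endpoint, contacted peers)

    def outbound(self, src, dst):
        """Step 1: LAN -> WAN. Record the mapping, return the public source."""
        internal, peers = self.mappings.setdefault(src.port, (src, set()))
        if internal != src:
            raise RuntimeError("public port already mapped to another host")
        peers.add(dst)
        return Endpoint(self.public_addr, src.port)

    def inbound(self, src, dst) -> Optional[Endpoint]:
        """Steps 2-3: WAN -> LAN. Return the internal target, or None if dropped."""
        if dst.addr != self.public_addr or dst.port not in self.mappings:
            return None
        internal, peers = self.mappings[dst.port]
        # Full cone ignores the sender; tuple matching requires a contacted peer.
        if self.full_cone or src in peers:
            return internal
        return None


def replay_scenario(full_cone):
    """Replay the quoted scenario; Address5 is a constructed unrelated sender."""
    nat = Nat("Address2", full_cone)
    public = nat.outbound(Endpoint("Address1", 100), Endpoint("Address3", 200))
    return {
        "same_peer": nat.inbound(Endpoint("Address3", 200), public),
        "other_host_same_port": nat.inbound(Endpoint("Address4", 200), public),
        "unrelated_host": nat.inbound(Endpoint("Address5", 999), public),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("full_cone" if mode else "tuple_match", replay_scenario(mode))
```

With tuple matching only the Address3:port200 reply is forwarded. In full cone mode the Address4 reply gets through, and so does the unrelated Address5 packet, which is the exposure a full cone target would have to accept.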