From: "spoft" <spoft@xxxxxxxx>
To: "ding dang" <jiadeip@xxxxxxxxxxx>
Subject: Re: Could someone tell me the rules of port translation in SNAT ?
Date: Wed, 7 Jan 2004 16:19:53 +0800

dst ip, dst port, and SNATed sport of the connections must be unique. So
the firewall can NAT correctly and enough.
So when:
1) dst ip and dst port are same, then the SNATed sport must be
different between two connections.
2) dst ip or dst port is different, then the SNATed sport may be same
between two connections.

Thanks.
For 2) above: when will the SNATed sport be different then?

> But what I observed is: (SNAT using UDP port 20000-30000)
>
> private addr        netfilter port      Internet addr
> 10.0.0.8:2000 --->  20000          ----> 193.0.0.8:3000
> 10.0.0.8:2001 --->  20000          ----> 193.0.0.8:3001
> 10.0.0.8:2002 --->  20000          ----> 193.0.0.8:3002
> that means DIFFERENT UDP requests from private network for DIFFERENT
> Internet destination result in a same Netfilter port no matter the
> destination sends reply or not;
>
> private addr        netfilter port      Internet addr
> 10.0.0.8:2000 --->  20000          ----> 193.0.0.8:3000
> 10.0.0.8:2001 --->  20001          ----> 193.0.0.8:3000
> 10.0.0.8:2002 --->  20002          ----> 193.0.0.8:3000
> DIFFERENT UDP requests from private network for a SAME Internet
> destination result in DIFFERENT Netfilter ports, why?
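
An added example, not part of the original thread and not netfilter's own code: a simplified model of the uniqueness rule discussed above, showing why both observed tables are consistent with it. The NAT address `192.0.2.1`, the class `SnatTable`, the helper `observed` and the lowest-free-port search are assumptions chosen to match the tables in the question.

```python
# Simplified model of SNAT source-port selection (not netfilter's code).
# Assumption: the translator takes the lowest port in the range whose
# translated tuple is still unused; this matches the tables in the thread.

PORT_RANGE = range(20000, 30001)   # "SNAT using UDP port 20000-30000"
NAT_IP = "192.0.2.1"               # constructed public address (placeholder)


class SnatTable:
    def __init__(self, nat_ip=NAT_IP, ports=PORT_RANGE):
        self.nat_ip = nat_ip
        self.ports = ports
        self.by_orig = {}   # (proto, src, sport, dst, dport) -> NAT port
        self.in_use = {}    # (proto, nat_ip, nat_port, dst, dport) -> flow

    def translate(self, proto, src, sport, dst, dport):
        """Return the SNATed source port for an outgoing packet."""
        orig = (proto, src, sport, dst, dport)
        if orig in self.by_orig:            # existing flow keeps its mapping
            return self.by_orig[orig]
        for port in self.ports:
            key = (proto, self.nat_ip, port, dst, dport)
            if key not in self.in_use:      # must be unique per destination
                self.in_use[key] = orig
                self.by_orig[orig] = port
                return port
        raise RuntimeError("no free port left for this destination")

    def reverse(self, proto, dst, dport, nat_port):
        """Map a reply from dst:dport to nat_ip:nat_port back to the host."""
        orig = self.in_use.get((proto, self.nat_ip, nat_port, dst, dport))
        return None if orig is None else (orig[1], orig[2])


def observed(flows):
    """Translate constructed (sport, dport) pairs, 10.0.0.8 -> 193.0.0.8."""
    table = SnatTable()
    ports = [table.translate("udp", "10.0.0.8", s, "193.0.0.8", d)
             for s, d in flows]
    return table, ports


if __name__ == "__main__":
    print(observed([(2000, 3000), (2001, 3001), (2002, 3002)])[1])
    print(observed([(2000, 3000), (2001, 3000), (2002, 3000)])[1])
```

Sharing port 20000 across the three different destinations is safe because each reply is looked up by the full tuple, so `reverse` still resolves to exactly one private endpoint.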