Hi,

Look at this topology.

                  192.168.1.1    10.0.0.1        10.0.0.2    172.0.0.1
 --------          ---------------                  ----------          --------
 | PC 1 |----------| NAT (linux) |------------------| router |----------| PC 2 |
 --------          ---------------                  ----------          --------
192.168.1.100                                                          172.0.0.100

Configure "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" on NAT (linux) with two different kernel versions.

On PC1:

ping 172.0.0.100 -t 3: PC2 can be reached with both kernel versions.

ping 172.0.0.100 -t 2: I got 2 different results with the 2 different kernel versions on NAT (linux). I got a ttl-expired icmp response from the router with the old version, but got no response at all with the upgraded kernel version.

No matter which kernel version is used, the router sends the ttl-expired icmp response from 10.0.0.2 to 10.0.0.1. It's forwarded to the internal network by the old version kernel, but considered as traffic to a local process by the upgraded version kernel.

Notice that ping 172.0.0.100 -t 3 works well in both cases. It seems like the old version performed as a cone NAT, while the upgraded one performed as a symmetric NAT.

So, what's the default NAT type if I set the rule as "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE": full cone NAT, port restricted cone NAT, restricted cone NAT, or symmetric NAT? Can this be configured? If it's configurable, how to do that?

Thanks.
Sean.
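
A simplified model of the decision described above, added here as an example (it is not part of the original post and is not kernel code): the router's ttl-expired message is addressed to 10.0.0.1, so the only way to hand it to PC1 is to match the packet quoted inside the ICMP error against a masqueraded flow. The table layout, the function names and the echo id 0x1234 are assumptions made for illustration, and the model assumes the echo id is left unchanged by the translation.

```python
import socket
import struct

def ip_header(src, dst, proto=1, ttl=64):
    # Minimal 20-byte IPv4 header; checksum left at 0 (this model does not verify it)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def echo_request(ident, seq):
    return struct.pack("!BBHHH", 8, 0, 0, ident, seq)  # ICMP type 8, code 0

def time_exceeded(outer_src, outer_dst, offending):
    # ICMP type 11 quotes the offending IP header plus its first 8 payload bytes
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + offending[:28]
    return ip_header(outer_src, outer_dst) + icmp

def embedded_flow(packet):
    """Return (src, dst, echo id) of the packet quoted in an ICMP error, else None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or packet[ihl] not in (3, 11, 12):  # not ICMP, or not an error
        return None
    inner = packet[ihl + 8:]
    if len(inner) < 28 or inner[9] != 1:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if len(inner) < inner_ihl + 8:
        return None
    ident = struct.unpack("!H", inner[inner_ihl + 4:inner_ihl + 6])[0]
    return socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), ident

def route_icmp_error(packet, nat_table):
    """'forward to <host>' when the quoted flow is a masqueraded one, else 'local'."""
    flow = embedded_flow(packet)
    inside = nat_table.get(flow) if flow else None
    return f"forward to {inside}" if inside else "local"

# Constructed state: PC1's echo (id 0x1234) masqueraded to 10.0.0.1 (hypothetical table)
NAT_TABLE = {("10.0.0.1", "172.0.0.100", 0x1234): "192.168.1.100"}
masqueraded = ip_header("10.0.0.1", "172.0.0.100", ttl=1) + echo_request(0x1234, 1)
error = time_exceeded("10.0.0.2", "10.0.0.1", masqueraded)

if __name__ == "__main__":
    print(embedded_flow(error))
    print(route_icmp_error(error, NAT_TABLE))  # quoted flow matched
    print(route_icmp_error(error, {}))         # no matching flow
```

When the quoted flow is not matched, the outer destination 10.0.0.1 is all that is left to go on, which corresponds to the "traffic to the local process" outcome reported for the upgraded kernel.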