7/10/2023 0 Comments
Edge router netmap src address

I'm beginning to learn about NAT and I was wondering why does NAT

First, I'm assuming you're focused on TCP. UDP has some differences, and I'm not as up-to-speed on that part.

You're right to ask this question, and to be frank, it doesn't always need to. However, sometimes that translation IS required. Given that it is sometimes required, and given that the NAT system therefore needs to track source port for some traffic, and because there are efficiencies in doing something the same way every time, most NAT implementations don't make an effort to re-use the original source port on the NATted connection. Many (most?) protocols don't depend on the source port for TCP connections, so that's the simplest approach, and it rarely hurts.

Doesn't a port represent an application that's requesting a service?

It does, but generally the source port is not specified by the application. Instead it is assigned (somewhat) randomly. This is actually good, because before that was true it was way too easy to break existing connections by predicting the source port number (the "unreach" attack using ICMP DESTINATION UNREACHABLE packets).

So why must it be translated? Also what would happen if NAT hypothetically didn't translate the source port and two separate machines on the same network sent out a message but had the same

The answer to your first question is in the answer to the second, so I'll take a stab at the second, and you share if it doesn't answer the first.

First, assume your NAT host only has one IP address (N) to translate to. Second, assume you actually have an extra coincidence where internal hosts A and B both try to communicate with external host X on port 80 with source port 17835.

- A's packets (when generated, before NAT) look like: src: A:17835, dst: X:80.
- B's packets (when generated, before NAT) look like: src: B:17835, dst: X:80.

After NAT, assuming no translation of source port:

- A's packets (after NAT) look like: src: N:17835, dst: X:80.
- B's packets (after NAT) look like: src: N:17835, dst: X:80.

They particularly look the same to the remote host X. It is most likely to drop the packets associated with the second connection attempt because the sequence numbers are going to be wrong. You also have a problem on the NAT host, as it can't tell the difference between the two either. It can only maintain one "connection" record with remote host X on port 80 per source port. It has to keep this record so it knows which internal host to translate back to when it receives an inbound packet.
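The collision the answer walks through, as an added example that is not part of the original post: a toy NAT with one public address N that either keeps the internal host's source port or allocates a fresh one per connection. Host addresses, the public address, the 40000 port pool and the flows A and B are constructed sample values, not from the page.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                      # one TCP packet's 4-tuple
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Napt:
    def __init__(self, public_ip: str, translate_ports: bool) -> None:
        self.public_ip = public_ip
        self.translate_ports = translate_ports
        # The per-connection record the answer describes: the NAT needs it
        # to know which internal host an inbound packet translates back to.
        self.table: dict[tuple[int, str, int], tuple[str, int]] = {}
        self.rev: dict[Flow, int] = {}  # internal flow -> public port in use
        self.next_port = 40000          # constructed start of the NAT's port pool

    def outbound(self, f: Flow) -> Flow | None:
        if f in self.rev:              # packet of an existing connection
            public_port = self.rev[f]
        elif self.translate_ports:     # new connection: allocate a fresh port
            public_port, self.next_port = self.next_port, self.next_port + 1
        else:                          # no translation: keep the host's port
            public_port = f.src_port
        key = (public_port, f.dst_ip, f.dst_port)
        if key in self.table and self.table[key] != (f.src_ip, f.src_port):
            return None                # N:port -> X:80 already belongs to another host
        self.table[key] = (f.src_ip, f.src_port)
        self.rev[f] = public_port
        return Flow(self.public_ip, public_port, f.dst_ip, f.dst_port)

    def inbound(self, reply: Flow) -> Flow | None:
        owner = self.table.get((reply.dst_port, reply.src_ip, reply.src_port))
        return None if owner is None else Flow(reply.src_ip, reply.src_port, *owner)

# Constructed sample values mirroring the answer: A and B both use port 17835 to X:80.
A = Flow("10.0.0.11", 17835, "203.0.113.80", 80)
B = Flow("10.0.0.12", 17835, "203.0.113.80", 80)

def run(translate_ports: bool) -> tuple[Flow | None, Flow | None, Flow | None]:
    # Send A's and B's first packets through the NAT, then X's reply to B's flow.
    nat = Napt("198.51.100.1", translate_ports)
    a_out, b_out = nat.outbound(A), nat.outbound(B)
    if b_out is None:                  # the NAT could not keep a second record
        return a_out, None, None
    reply = Flow(b_out.dst_ip, b_out.dst_port, b_out.src_ip, b_out.src_port)
    return a_out, b_out, nat.inbound(reply)
```

`run(False)` shows B's packet dropped at the NAT because N:17835 -> X:80 is already A's record; `run(True)` gives A and B distinct public ports, and X's reply to B's port maps back to B:17835.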