On Wed, 31 Mar 2004, Randy Haley wrote:

> Is it possible to force the gnatbox not to nat www traffic when leaving
> outbound on the external interface?
>
> I want to implement a content filtering device off the external interface
> and use a route-map on my router to force all outbound www traffic to the
> filtering device. However, I believe the gnatbox uses dynamic port numbers
> when processing the www requests on the protected network, am I right?

It isn't quite clear what you are asking. ...

a. For an outbound session request, gnatbox MUST preserve the destination port address, will create its own source port for the packet and assign the IP address of the interface. To the remote server, it will look like a request to port 80 (or whatever was in the URL, etc.) from the gnatbox IP. This is necessary. Return packets will carry the gnatbox port and 80 as the origin port. The gnatbox will map the external port to the internal port and external IP to the internal IP.

b. Inbound requests will have the destination port mapped if specified in the gnatbox configuration, always to the same value. The source port is NATed (unless explicitly configured otherwise). The origin IP can be preserved or NATed.

Dave Morris
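
The outbound mapping described in (a), modeled as an added Python example that is not part of the original post and is not GNAT Box code. The class and function names, the port pool starting at 40000, the documentation-range addresses and the router match rule are assumptions for illustration.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SourceNat:
    """Toy model of outbound source NAT with a session table (assumed design)."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self._ports = count(first_port)   # assumed port pool
        self._out = {}    # (int_ip, int_port, dst_ip, dst_port) -> ext_port
        self._back = {}   # (ext_port, dst_ip, dst_port) -> (int_ip, int_port)

    def outbound(self, pkt):
        """Rewrite source IP and port; leave destination IP and port alone."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext_port = self._out.get(key)
        if ext_port is None:
            ext_port = next(self._ports)
            self._out[key] = ext_port
            self._back[(ext_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound_reply(self, pkt):
        """Map a return packet back to the internal host, or None if no session."""
        owner = self._back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if owner is None or pkt.dst_ip != self.external_ip:
            return None   # unsolicited: no matching session entry
        return Packet(pkt.src_ip, pkt.src_port, owner[0], owner[1])


def matches_www_rule(pkt):
    """Hypothetical upstream router match: destination port 80 only."""
    return pkt.dst_port == 80


if __name__ == "__main__":
    nat = SourceNat("203.0.113.1")                       # constructed addresses
    out = nat.outbound(Packet("10.0.0.5", 1025, "198.51.100.80", 80))
    print(out, "matches www rule:", matches_www_rule(out))
    print(nat.inbound_reply(Packet("198.51.100.80", 80, "203.0.113.1", out.src_port)))
```

Because only the source side is rewritten, a rule on the upstream router that matches destination port 80 still sees the translated traffic as www traffic; what it cannot see is the original internal address.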
