On 2007-01-05 14:59, Gary Mills wrote:
> On Fri, Jan 05, 2007 at 01:34:43AM +0000, Jefferson Ogata wrote:
>> 3. Serving box E receives the SYN packet and responds with a SYN/ACK
>> from E:T -> C:P. The socket on the serving box is in SYN_RCVD state with
>> remote endpoint C:P. Since the SYN/ACK destination C is remote, E sends
>> the packet out through the default router, so the translating box D
>> never sees this packet.
>
> Could serving box E fake the source of that packet so it appears to
> come from translating box D? Is that all that's needed to make
> this work?
Not sure. IP Filter expects to see both sides of the conversation so it can track the connection from SYN_SENT to ESTABLISHED and ultimately CLOSED. If it sees only one side, it may not forward or translate (depending on the configuration) non-SYN packets, or you may accumulate NAT entries until there's a problem. You'd have to test it, or maybe someone else knows for sure.

--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
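The failure mode Jefferson describes (a stateful filter that only ever sees one direction of the handshake) is easy to reproduce in a small model. The Python below is an added example written for this thread, not IP Filter's own code; it models a strict "keep state" tracker whose entries move SYN_SENT -> SYN_RCVD -> ESTABLISHED only when it sees the SYN, the SYN/ACK and the final ACK in order. The host names C and E, port P and service port T follow the thread; the concrete port numbers, the policy of dropping out-of-sequence packets, and the immediate close on FIN/RST are assumptions for illustration (IP Filter's behaviour varies with configuration, as the message says). The asymmetric scenario shows the two symptoms named above: the client's later packets are dropped, and the table keeps an entry stuck in SYN_SENT.

```python
# Added example: simplified stateful TCP tracker, not IP Filter's implementation.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class State(Enum):
    SYN_SENT = "SYN_SENT"        # saw the client's SYN
    SYN_RCVD = "SYN_RCVD"        # saw the server's SYN/ACK
    ESTABLISHED = "ESTABLISHED"  # saw the client's final ACK
    CLOSED = "CLOSED"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST", "PSH"}


Key = Tuple[str, int, str, int]


class StateTable:
    """Tracks connections keyed by the 4-tuple of the initiating SYN."""

    def __init__(self) -> None:
        self.entries: Dict[Key, State] = {}

    def _lookup(self, pkt: Packet) -> Tuple[Optional[Key], Optional[str]]:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.entries:
            return fwd, "forward"   # same direction as the original SYN
        if rev in self.entries:
            return rev, "reverse"   # reply direction
        return None, None

    def process(self, pkt: Packet) -> str:
        """Return 'pass' or 'drop' and advance the matching entry's state."""
        f = pkt.flags
        key, direction = self._lookup(pkt)
        if key is None:
            if f == {"SYN"}:
                self.entries[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = State.SYN_SENT
                return "pass"
            return "drop"  # non-SYN packet with no state: strict policy (assumption)
        st = self.entries[key]
        if "RST" in f or "FIN" in f:
            self.entries[key] = State.CLOSED  # simplified: close immediately
            return "pass"
        if st == State.SYN_SENT and direction == "reverse" and f == {"SYN", "ACK"}:
            self.entries[key] = State.SYN_RCVD
            return "pass"
        if st == State.SYN_RCVD and direction == "forward" and "ACK" in f:
            self.entries[key] = State.ESTABLISHED
            return "pass"
        if st == State.ESTABLISHED and "ACK" in f:
            return "pass"
        if st == State.SYN_SENT and direction == "forward" and f == {"SYN"}:
            return "pass"  # client retransmitting its SYN
        return "drop"  # out of sequence relative to what the filter has seen


# Endpoints from the thread; the port numbers are constructed sample values.
C, E = "C", "E"
P, T = 40000, 80


def syn() -> Packet:
    return Packet(C, P, E, T, frozenset({"SYN"}))


def synack() -> Packet:
    return Packet(E, T, C, P, frozenset({"SYN", "ACK"}))


def ack() -> Packet:
    return Packet(C, P, E, T, frozenset({"ACK"}))


def data() -> Packet:
    return Packet(C, P, E, T, frozenset({"PSH", "ACK"}))


def run(packets: List[Packet]) -> Tuple[List[str], State]:
    table = StateTable()
    decisions = [table.process(p) for p in packets]
    return decisions, table.entries[(C, P, E, T)]


def symmetric_path() -> Tuple[List[str], State]:
    """Filter on D sees both directions: SYN, SYN/ACK, ACK, then data."""
    return run([syn(), synack(), ack(), data()])


def asymmetric_path() -> Tuple[List[str], State]:
    """Filter sees only C->E; the SYN/ACK left E via the default router."""
    return run([syn(), ack(), data()])


if __name__ == "__main__":
    print("symmetric :", symmetric_path())
    print("asymmetric:", asymmetric_path())
```

In the asymmetric run the tracker never observes the SYN/ACK, so the client's ACK and data are dropped and the entry never leaves SYN_SENT; with many such connections those half-built entries pile up until a timeout or table limit clears them, which is the "accumulate NAT entries" case in the message.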
