We also need to keep in mind that NAT according to the RFC has been implemented loosely by many vendors. NAT on the el'cheapo firewalls is NOT a full implementation like that in Linux. True NAT must keep track of state so that things like VOIP and video conferencing can get a reply back to their ack messages when the session is set up. SIP is especially sensitive to such things (thusly why Vonage is being eaten alive by tech support calls) and why firewall vendors are struggling to do a full implementation that also keeps track of state. RTCP used for things like H.323 video conferencing and many SIP implementations MUST have a reply back on session setup or you get weird things like calls that ring forever on the caller side, but never ring answer on the destination.
NATD (aka masquerading) is supposed to be a fuller implementation, but so far results have been mixed. I'm trying to find enough time to get some different firewalls built to utilize the VOIP test gear coming in for my July IP-PBX shootout for Infoworld... I'm especially interested in seeing how well the new versions of NATD work as well as Zebra. GateD has sold out and is no longer open source... MITRE corp seems to want a serious pound of flesh for what started out open source.

So while this wasn't very helpful (sorry), I did want to point out that many folks are considering VOIP and video conferencing while they mumble under their breath about NAT... and unless you take care, you may find both leaving you feeling unsatisfied....

/brian chee

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Vince Hoang
Sent: Tuesday, June 01, 2004 9:40 PM
To: Linux/Unix Advocates/Users Hawaiian community discussion list
Subject: Re: [LUAU] VPN

On Fri, May 28, 2004 at 08:58:33PM -1000, Randall Oshita wrote:
> But I was just wondering if port translation is the same as
> port redirection. Is it safe to say that the nat daemon does
> port translation as well as address.

Maybe. I tried natd 5 years ago. It did what I needed it to do at
the time, but I quickly moved to ipf as soon as I had the chance.
If you need help with it, contact me offlist.

> If so then NAT = NAPT. Wonder why lots of ppl use it in
> different context.

NAPT? My googling mentions NAPT as a means to translate IPV4 to
IPV6. I generally see NAT and masquerading/overloading/PAT referred
to collectively as NAT.

-Vince