On 2020-08-07, Edward Carver <edwardlcar...@protonmail.com> wrote:
> Hi Misc,
>
> Does OpenBSD support Carrier Grade NAT (CG-NAT)?
> Thanks for helping.

What do you mean by 'support'?

Running as a client behind one? Yes, that's transparent anyway (unless
you use vmd with its default "local prefix" address range which was
carefully chosen to conflict with the usual CGN address range).

As a router performing NAT for others? Sort of. Some will just say
that CGN is "NAT done by the ISP" and OpenBSD can do that. Others will
say that more is needed - typically CGN installations will dynamically
block off a range of ports for a user and tie in with logging ("user
x was assigned ports 1024-2047 from time y to z") so you can track
activity to a user without recording every single NAT mapping (which
is a lot more intrusive information to store), and often allow all
traffic to that range through to the user regardless of whether
the user initiated a connection to that IP (helps for direct machine
to machine access for online gaming etc.). OpenBSD doesn't do either
of those.
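
The port-block logging described above, as an added example that is not part of the original message and not an OpenBSD or pf feature: given one log record per block lease, a (public IP, source port, timestamp) taken from an abuse report resolves to a subscriber without any per-connection NAT records. The log format, subscriber names and addresses are constructed for illustration.

```python
# Added example: attribute (public IP, port, time) to a subscriber from
# CGN port-block allocation logs. The log format and all values are constructed.
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address


@dataclass(frozen=True)
class BlockLease:
    subscriber: str
    public_ip: str
    port_lo: int
    port_hi: int
    start: datetime
    end: datetime  # exclusive: the block may be reassigned at this instant


def parse_lease(line):
    """Parse 'subscriber public_ip lo-hi start end' (hypothetical log format)."""
    sub, ip, ports, start, end = line.split()
    lo, hi = (int(p) for p in ports.split("-"))
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {ports}")
    t0, t1 = datetime.fromisoformat(start), datetime.fromisoformat(end)
    if t0 >= t1:
        raise ValueError(f"empty lease interval: {line}")
    return BlockLease(sub, str(ip_address(ip)), lo, hi, t0, t1)


def attribute(leases, public_ip, port, when):
    """Return subscribers whose port block covered public_ip:port at `when`.

    An empty list means no lease was logged; more than one entry means
    overlapping leases, which points to an allocator or logging fault.
    """
    ip = str(ip_address(public_ip))
    return [l.subscriber for l in leases
            if l.public_ip == ip and l.port_lo <= port <= l.port_hi
            and l.start <= when < l.end]


# Constructed sample log: sub-c reuses sub-a's block after it expires.
SAMPLE_LOG = """\
sub-a 198.51.100.7 1024-2047 2020-08-07T10:00:00 2020-08-07T12:00:00
sub-b 198.51.100.7 2048-3071 2020-08-07T10:00:00 2020-08-07T12:00:00
sub-c 198.51.100.7 1024-2047 2020-08-07T12:00:00 2020-08-07T14:00:00
"""
LEASES = [parse_lease(line) for line in SAMPLE_LOG.splitlines()]

if __name__ == "__main__":
    print(attribute(LEASES, "198.51.100.7", 1500, datetime(2020, 8, 7, 11, 0)))
```

Because blocks are reused, the timestamp in the report has to be accurate to the lease boundary: the same IP and port map to a different subscriber one second either side of it.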

