In message <1364787851.2136.7.camel@karl>, Karl Auer writes: > On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote: > > This thought crossed my mind earlier today, when I asked Jeff if IP-forged > > packets would make it through a NAT, outbound. He said no (I think), but > > I'm not entirely sure that's right. > > Welll - the packets might make it out, and be transmitted into the > Internet, but they would have a legitimate source address, namely an > outside address of the NAT router. A side effect of NAT is to clamp the > source address range of outbound packets to the configured NAT outside > address range. > > Regards, K.
It depends on how the nat is configured. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org