Margaret Wasserman - on (m/d/y) 3/23/09 10:58 PM:
> On Mar 23, 2009, at 5:56 PM, james woodyatt wrote:
>> On Mar 23, 2009, at 14:39, Fred Baker wrote:
>>> The more appropriate case, called for in RFC 4787, might be to
>>> recognize that this is about to happen and instead of changing the
>>> source address, change the destination address. This results in the
>>> target seeing a datagram from/to the ULA. One direction goes through
>>> the DMZ, but the replies are direct.
>> That can work for UDP, in those applications that don't care so much
>> about source and destination addresses for matching session
>> endpoints, but it doesn't work for connection-oriented transports,
>> e.g. TCP, SCTP, DCCP, etc. For those transports, hairpinning
>> requires the NAT to translate both the source and destination addresses.
>> Also, ingress filtering requires, in my understanding, that what you
>> send could return to you if source and destination would be permuted.
> You're right. Translation of both addresses is needed, effectively
> translating in both the outbound and inbound directions, so that the
> return packets will go back through a NAT66 box to be translated back
> again.
+1 for this choice.
RD
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
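The point being agreed above (hairpinning must rewrite both addresses so the reply re-enters the NAT66 box) can be checked with a small model. The following is an added example, not code from the thread or from any NAT66 implementation; it assumes a hypothetical symmetric prefix mapping between a constructed ULA prefix (fd00:db8::/64) and a constructed external prefix (2001:db8::/64), with the interface identifier left unchanged, and it models addresses only (ports are ignored). It compares Fred's destination-only rewrite with the two-address rewrite for a TCP-style exchange in which the initiator expects replies from the exact peer address it connected to.

```python
"""Toy model of NAT66 hairpinning: destination-only vs. two-address rewrite.

Added example; the prefixes and the one-to-one prefix mapping are assumptions
made for illustration, not something the nat66 thread specifies.
"""
import ipaddress

INTERNAL_PREFIX = ipaddress.IPv6Network("fd00:db8::/64")  # constructed ULA prefix
EXTERNAL_PREFIX = ipaddress.IPv6Network("2001:db8::/64")  # constructed external prefix


def _swap_prefix(addr, old, new):
    """Replace the /64 prefix of addr if it lies in `old`; keep the IID as-is."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in old:
        return str(addr)
    iid = int(addr) - int(old.network_address)
    return str(ipaddress.IPv6Address(int(new.network_address) + iid))


def to_external(addr):
    return _swap_prefix(addr, INTERNAL_PREFIX, EXTERNAL_PREFIX)


def to_internal(addr):
    return _swap_prefix(addr, EXTERNAL_PREFIX, INTERNAL_PREFIX)


def is_internal(addr):
    return ipaddress.IPv6Address(addr) in INTERNAL_PREFIX


def is_external(addr):
    return ipaddress.IPv6Address(addr) in EXTERNAL_PREFIX


def hairpin_dst_only(pkt):
    """Fred's variant: an internal host reaching an internal host's external
    address gets only the destination rewritten; the source ULA is kept."""
    src, dst = pkt
    if is_internal(src) and is_external(dst):
        return (src, to_internal(dst))
    return pkt


def nat_both(pkt):
    """Two-address rewrite: internal sources go external, external destinations
    go internal. The mapping is symmetric, so the same rule serves the reply."""
    src, dst = pkt
    new_src = to_external(src) if is_internal(src) else src
    new_dst = to_internal(dst) if is_external(dst) else dst
    return (new_src, new_dst)


# Constructed hosts: A and B both sit behind the NAT66 box.
A_ULA = "fd00:db8::a"
B_ULA = "fd00:db8::b"
B_GLOBAL = to_external(B_ULA)  # "2001:db8::b", the address A actually connects to


def tcp_reply_matches(translate):
    """Simulate A -> B -> A through the given translation rule.

    Returns (packet as seen by B, reply as seen by A, whether A's connection
    state (peer address it connected to) matches the reply it receives).
    """
    sent = (A_ULA, B_GLOBAL)            # A connects to B's external address
    at_b = translate(sent)              # outbound pass through the NAT66 box
    reply = (at_b[1], at_b[0])          # B answers by swapping src/dst
    # A reply only re-enters the NAT66 box if it is addressed to the external
    # prefix; a reply to a ULA is delivered directly inside the site.
    at_a = translate(reply) if is_external(reply[1]) else reply
    expected = (sent[1], sent[0])       # what A's TCP state expects to see
    return at_b, at_a, at_a == expected


if __name__ == "__main__":
    for name, rule in (("dst-only", hairpin_dst_only), ("both", nat_both)):
        seen_by_b, seen_by_a, ok = tcp_reply_matches(rule)
        print(f"{name:9s} B sees {seen_by_b}, A gets {seen_by_a}, match={ok}")
```

With the destination-only rule B sees A's ULA as the source and replies directly to it, so A receives a segment from B's ULA while its connection is keyed on B's external address; for a connection-oriented transport that segment does not belong to any session. With both addresses rewritten the reply is addressed to A's external address, traverses the NAT66 box again, and arrives with exactly the address pair A expects. This is also the arrangement James describes for ingress filtering: swapping source and destination of any packet that left the box yields a packet that routes back through it.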