Just to clarify, the filtering behavior I’m looking for is often known as “full cone” or “pure cone” NAT.

> On Sep 29, 2020, at 6:33 PM, Joshua Moore <j...@jcm.me> wrote:
>
> Hello,
>
> I have a need to relax the session lookup criteria on out2in packet
> processing with NAT44 determinate mode. The behavior I am looking for is so
> that as long as there is an initial session for a given destination IP:port
> then any return packet to the translated port should be allowed regardless of
> the source IP. Essentially, if I open a session from 100.65.0.2 to
> 2.2.2.2:3074 and VPP creates a translation entry then the out2in processing
> should allow any n:3074 source IP and not restrict the translation to return
> packets only allowed from 2.2.2.2.
>
> It looks like this may have been possible with the below feature but it's not
> available in determinate mode:
> https://wiki.fd.io/view/VPP/NAT#Enable_or_disable_forwarding
>
> Are there any thoughts on this? Any suggestions on where I could perhaps
> compile my own version of that allows endpoint-independent mapping?
>
> Thanks!
>
> --Josh
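
The two out2in filtering behaviours contrasted in this thread, as an added example that is not part of the original messages and not VPP code: a toy session lookup that either requires the original remote endpoint or accepts any source for the mapped port ("full cone"). The mode names, the `out2in_lookup` function, the external address 203.0.113.1:1024 and the third-party source 198.51.100.7 are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical filter modes (RFC 4787 terminology), not VPP identifiers. */
enum filter_mode {
    FILTER_ADDR_PORT_DEPENDENT,   /* source must be the original remote IP:port */
    FILTER_ENDPOINT_INDEPENDENT   /* "full cone": any source may use the mapping */
};

struct session {
    uint32_t in_addr;  uint16_t in_port;   /* inside host */
    uint32_t out_addr; uint16_t out_port;  /* translated (external) address:port */
    uint32_t rem_addr; uint16_t rem_port;  /* remote endpoint the session was opened to */
};

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample: 100.65.0.2:3074 -> 2.2.2.2:3074, translated to 203.0.113.1:1024 */
static const struct session table[] = {
    { IP4(100, 65, 0, 2), 3074, IP4(203, 0, 113, 1), 1024, IP4(2, 2, 2, 2), 3074 },
};

/* out2in lookup: returns the session to translate with, or NULL to drop. */
const struct session *out2in_lookup(enum filter_mode mode, uint32_t src,
                                    uint16_t sport, uint32_t dst, uint16_t dport)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        const struct session *s = &table[i];
        if (s->out_addr != dst || s->out_port != dport)
            continue;                      /* packet is not for this mapping */
        if (mode == FILTER_ENDPOINT_INDEPENDENT)
            return s;                      /* source address and port are not checked */
        if (s->rem_addr == src && s->rem_port == sport)
            return s;                      /* only the original remote is accepted */
    }
    return NULL;
}

int main(void)
{
    uint32_t other = IP4(198, 51, 100, 7); /* constructed third-party source */
    uint32_t ext = IP4(203, 0, 113, 1);
    printf("dependent, third party:   %s\n",
           out2in_lookup(FILTER_ADDR_PORT_DEPENDENT, other, 3074, ext, 1024) ? "pass" : "drop");
    printf("independent, third party: %s\n",
           out2in_lookup(FILTER_ENDPOINT_INDEPENDENT, other, 3074, ext, 1024) ? "pass" : "drop");
    return 0;
}
```

With endpoint-independent filtering the mapped external port is reachable by every remote host for the lifetime of the session, so the inside host's listener on 3074 is effectively exposed while the mapping exists.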