Home page logo
/

nanog logo nanog mailing list archives

Re: Common operational misconceptions
From: Owen DeLong <owen () delong com>
Date: Thu, 16 Feb 2012 22:41:43 -0800

I believe he understands just fine. However, his point (and I agree with him) is that
if you are behind NAT, it isn't full end-to-end functionality, even if it does allow some
degraded form of end-to-end connectivity with significant limitations which are not
present in the absence of NAT.

"I can't use your address" is inherent in the network.
"I can't use whatever port number I want on my side of the connection" is not.

Owen

On Feb 16, 2012, at 10:24 PM, Masataka Ohta wrote:

Valdis.Kletnieks () vt edu wrote:

No, you said specifcially that it can be restored by end system*S*
plural.

Yes, end to end connectivity is restored.

However, that end to end connectivity is restored does not
mean your boxes can use 131.112.32.132 nor port 49734.

Yes, I can get one box listening.  Now tell me how to get
the second and third boxes listening on the same port.

Perhaps, you misunderstand how end systems behind NAT
must interact with UPnP or something like that to be
able to restore the end to end connectivity.

End systems behind UPnP boxes are allocated disjoint
sets of global port numbers, only among which, end
systems can use as their global port numbers.

End systems can obtain information on port numbers
they can use through UPnP or something like that.

Thus, there is no port number collision at the global
side of the UPnP box.

Similar mechanism is described in draft-ohta-e2e-nat-00.txt

                                              Masataka Ohta



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault