NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IETF RFC 4787 and NAT behaviour recommendations

from [Dupond Jean] [Permanent Link][Original]
To: netfilter@lists.netfilter.org
Subject: IETF RFC 4787 and NAT behaviour recommendations
From: Dupond Jean <mootrul@yahoo.fr>
Date: Fri, 6 Apr 2007 02:45:47 -0700 (PDT)
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.fr; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=HXbokWWDF6MG8GheByggq8fW2fUVW/RsNX6pesRq8GV+dVJh5WdKejv54Xv6x6QeLVqc69QK9BoWDWkS+WS4gld1VQLElPZxcw5q5TSBDsaA3vrONAcTF8cbnGEkoMZlpaltoLF//2Gklm5lP+cyItkkd+YNhBBL+t0refMRXM0=;
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Sender: netfilter-bounces@lists.netfilter.org 

Hi,



I saw new recommendation about NAT behaviour have been (or are about to be) 
released :

http://tools.ietf.org/html/draft-ietf-behave-tcp

http://tools.ietf.org/html/rfc4787



I
made a rapid test that seems to show that actual version of
netfilter/iptables with a basic SNAT or MASQUERADE rule like this :

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

implement a "Address and port dependant filering behaviour" (for UDP).



(recommendation is Endpoint independent or Address dependent filtering)



Is it possible (how ?) to have a "Endpoint independent" for example ?

If not, is the netfilter developpement team generaly tending to try to be 
compliant with IETF recommendations ?


Best Regards,


Jean







        

        
                
___________________________________________________________________________ 
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! 
Profitez des connaissances, des opinions et des expériences des internautes sur 
Yahoo! Questions/Réponses 
http://fr.answers.yahoo.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • IETF RFC 4787 and NAT behaviour recommendations, Dupond Jean <=
Previous by Date:  Re: packets to local addresses, MKS
Next by Date:  Re: packets to local addresses, Martijn Lievaart
Previous by Thread:  iptables, multiple hosts, one IP, jj
Next by Thread:  WARNING: "ipt_unregister_match", Patrick Ale
Indexes:  [Date] [Thread] [Top] [All Lists]