[162007] in North American Network Operators' Group


Re: BCP38 tester?

daemon@ATHENA.MIT.EDU (Karl Auer)
Sun Mar 31 23:44:28 2013

From: Karl Auer <kauer@biplane.com.au>
To: nanog@nanog.org
Date: Mon, 01 Apr 2013 14:44:11 +1100
In-Reply-To: <27642435.389.1364783548545.JavaMail.root@benjamin.baylink.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
> This thought crossed my mind earlier today, when I asked Jeff if IP-forged
> packets would make it through a NAT, outbound.  He said no (I think), but 
> I'm not entirely sure that's right.

Welll - the packets might make it out, and be transmitted into the
Internet, but they would have a legitimate source address, namely an
outside address of the NAT router. A side effect of NAT is to clamp the
source address range of outbound packets to the configured NAT outside
address range.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
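
The source-address clamping described in the message above, modelled as an added example that is not part of the original post. It assumes a NAT that translates every outbound packet; the prefixes, ports and sample packets are constructed, and `translate` and `egress_violations` are hypothetical helper names.

```python
import ipaddress

# Constructed addressing (assumptions): RFC 1918 inside LAN, RFC 5737 outside pool.
INSIDE = ipaddress.ip_network("192.168.1.0/24")
NAT_POOL = ipaddress.ip_network("203.0.113.8/30")

# Constructed outbound packets as seen on the inside interface:
# (src, sport, dst, dport). The second one carries a forged source address.
SAMPLE = [
    ("192.168.1.20", 51000, "192.0.2.53", 53),
    ("198.51.100.77", 51001, "192.0.2.53", 53),
    ("192.168.1.21", 51002, "192.0.2.80", 443),
]


def translate(packets, pool=NAT_POOL, first_port=40000):
    """Source-NAT every outbound packet to the first usable pool address.

    Returns the translated packets and the binding table that maps each
    original (src, sport) to the outside (address, port) that replaced it.
    """
    outside = str(next(iter(pool.hosts())))
    bindings = {}
    translated = []
    for src, sport, dst, dport in packets:
        key = (src, sport)
        if key not in bindings:
            bindings[key] = (outside, first_port + len(bindings))
        translated.append(bindings[key] + (dst, dport))
    return translated, bindings


def egress_violations(packets, allowed):
    """BCP38-style check: packets whose source is in none of the allowed prefixes."""
    return [p for p in packets
            if not any(ipaddress.ip_address(p[0]) in net for net in allowed)]


if __name__ == "__main__":
    outbound, table = translate(SAMPLE)
    print("forged on the inside:", egress_violations(SAMPLE, [INSIDE]))
    print("outside the pool after NAT:", egress_violations(outbound, [NAT_POOL]))
    for original, mapped in table.items():
        print(original, "->", mapped)
```

The binding table also shows where replies go: they return to the outside address and port, not to the address the inside host forged.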


