[162008] in North American Network Operators' Group
Re: BCP38 tester?
daemon@ATHENA.MIT.EDU (Mark Andrews)
Mon Apr 1 00:08:19 2013
To: Karl Auer <kauer@biplane.com.au>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Mon, 01 Apr 2013 14:44:11 +1100."
<1364787851.2136.7.camel@karl>
Date: Mon, 01 Apr 2013 15:07:54 +1100
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <1364787851.2136.7.camel@karl>, Karl Auer writes:
> On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
> > This thought crossed my mind earlier today, when I asked Jeff if IP-forged
> > packets would make it through a NAT, outbound. He said no (I think), but
> > I'm not entirely sure that's right.
>
> Welll - the packets might make it out, and be transmitted into the
> Internet, but they would have a legitimate source address, namely an
> outside address of the NAT router. A side effect of NAT is to clamp the
> source address range of outbound packets to the configured NAT outside
> address range.
>
> Regards, K.
It depends on how the nat is configured.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
