[162033] in North American Network Operators' Group
Re: BCP38 tester?
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Mon Apr 1 12:23:50 2013
Date: Mon, 1 Apr 2013 12:23:35 -0400 (EDT)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <1364787851.2136.7.camel@karl>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Karl Auer" <kauer@biplane.com.au>
> On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
> > This thought crossed my mind earlier today, when I asked Jeff if
> > IP-forged
> > packets would make it through a NAT, outbound. He said no (I think),
> > but
> > I'm not entirely sure that's right.
>
> Welll - the packets might make it out, and be transmitted into the
> Internet, but they would have a legitimate source address, namely an
> outside address of the NAT router. A side effect of NAT is to clamp the
> source address range of outbound packets to the configured NAT outside
> address range.
D'oh. Of course.
Hmmm. That says things about the penetration of NAT routers at consumer
eyeball connections vs. directly connected PCs that surprise me.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
