From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <004701c050fd$a481eca0$0ab9c6d4@cybercable.fr>
From: "Boyd Roberts"
To: <9fans@cse.psu.edu>
References: <20001118001754.DE2F0199E1@mail.cse.psu.edu>
Subject: Re: [9fans] IL and NAT
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Date: Sat, 18 Nov 2000 02:19:31 +0100
Topicbox-Message-UUID: 2c649f8a-eac9-11e9-9e20-41e7f4b1d025

From:
> NAT routers generally have to rewrite port numbers (not just IP
> addresses) ...

yes, i tracked down a particularly nasty case of a firewall doing
NAT to UDP packets with a destination port of 53 [DNS].

i found that some DNS servers would not reply to requests that
didn't have a source port of 53; NAT having munged the source
address and port.

i would have found it a lot faster if my pleas for a protocol
analyser had been heeded -- i'd only been bitching about it for
a _year_. somehow i managed to forge up some queries that
demonstrated the problem.

i also had the added stumbling block of not knowing or being able
to know the firewall's config. contractors were prohibited from
going near them, except when things were _really_ screwed up.

``oh, but that's impossible, boyd... err, i see''.
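
An added example, not part of the original message: a diagnostic over a packet trace that picks out DNS servers which answer queries sent from source port 53 but never answer queries whose source port was rewritten, the pattern the message describes. The record layout, the addresses and the function name `port53_only_servers` are assumptions made for illustration.

```python
from collections import defaultdict

DNS_PORT = 53

# Constructed trace as seen outside the NAT device (not from the original post).
# Record: (time_s, src_ip, src_port, dst_ip, dst_port, dns_id, qr); qr 0=query, 1=reply.
# Addresses are RFC 5737 documentation ranges.
TRACE = [
    (0.00, "192.0.2.1", 53, "198.51.100.7", 53, 0x1A01, 0),     # source port left at 53
    (0.02, "198.51.100.7", 53, "192.0.2.1", 53, 0x1A01, 1),     # answered
    (1.00, "192.0.2.1", 61004, "198.51.100.7", 53, 0x1A02, 0),  # NAT rewrote source port
    (3.00, "192.0.2.1", 61004, "198.51.100.7", 53, 0x1A02, 0),  # retransmission, no reply
    (4.00, "192.0.2.1", 61005, "203.0.113.9", 53, 0x1A03, 0),   # a different server
    (4.03, "203.0.113.9", 53, "192.0.2.1", 61005, 0x1A03, 1),   # answers rewritten port
    (5.00, "192.0.2.1", 61006, "198.51.100.7", 53, 0x1A04, 0),  # rewritten again, no reply
]


def port53_only_servers(trace):
    """Return servers that answered at least one query sent from port 53
    and answered none of the queries sent from any other source port."""
    # Index replies by the query they would match: (client, client_port, server, id).
    answered = {(dst, dport, src, qid)
                for _, src, sport, dst, dport, qid, qr in trace if qr == 1}
    # Per server: [queries sent, queries answered] for each source-port class.
    stats = defaultdict(lambda: {"from53": [0, 0], "other": [0, 0]})
    seen = set()
    for _, src, sport, dst, dport, qid, qr in trace:
        if qr != 0 or dport != DNS_PORT:
            continue
        key = (src, sport, dst, qid)
        if key in seen:  # count a retransmitted query once
            continue
        seen.add(key)
        bucket = stats[dst]["from53" if sport == DNS_PORT else "other"]
        bucket[0] += 1
        bucket[1] += key in answered
    return sorted(server for server, s in stats.items()
                  if s["from53"][1] > 0 and s["other"][0] > 0 and s["other"][1] == 0)


if __name__ == "__main__":
    for server in port53_only_servers(TRACE):
        print(f"{server}: replies only when the query's source port is {DNS_PORT}")
```

A server is reported only when the trace contains both kinds of query to it, so an unreachable server is not mistaken for a port-filtering one.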