From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@cse.psu.edu
Subject: Re: [9fans] IL and NAT
From: nigel@9fs.org
Date: Sat, 18 Nov 2000 18:42:05 +0000
Topicbox-Message-UUID: 2ca8dcb8-eac9-11e9-9e20-41e7f4b1d025

Before we are too down on NAT implementations, there is a distinction between NAT and NAPT, according to various RFCs and associated documents. NAT means what it says: address translation. NAPT means address and port.

You can simply translate addresses and maintain the port, but this means that typically only one internal node can communicate. If you do this, then the protocol is irrelevant, and IL would pass through. In fact, since it has been mentioned, Lucent devices (née Ascend) worked this way until it became apparent that Cisco had implemented NAPT and they rolled out the full monty. They called it "single address translation".

Once you choose to translate ports as well, as has been said, you need to understand where the ports are; for TCP and UDP it is in the same place, so they get done. It is completely unsurprising that other protocols aren't. ICMP gets done because it's dull if you can't traceroute and ping. It takes hacks, but it can be done. FTP is depressing. Anyone out there designing protocols: take note, don't embed IP addresses in the stream. Others are as bad, or insoluble: luckily, they are less important, like IRC or RealAudio.

On top of this, to create some 'reliability', commercial NAT routers have a list of TCP and UDP ports which they are prepared to translate. 'Known good' if you like. My Pipeline 75 does not do POP3 automatically. I had to tell it to, despite the protestations of the manuals. I looked for a software update, but since Lucent bought them, this doesn't happen any more. Some other products, I understand, refuse straightforward protocols like POP3 despite best efforts.

So, the summary is use 9p over TCP, not IL, unless you can rewrite your router. This is becoming easier since both FreeBSD and Linux have WAN drivers, and NAT code. As it happens, all translation in FreeBSD is done using a library, with plug-ins for various awkward protocols. Fix the library, and all the various translators (natd, pppd, pppoed) would all fall into line. Modifying the implementation to do IL would be straightforward I think.

Content-Type: message/rfc822
From: Theo Honohan
To: 9fans@cse.psu.edu
Subject: Re: [9fans] IL and NAT
Date: Sat, 18 Nov 2000 13:53:50 +0000
In-Reply-To: Your message of "Fri, 17 Nov 2000 22:21:26 EST." <20001118032427.B11EB199E6@mail.cse.psu.edu>
References: <20001118032427.B11EB199E6@mail.cse.psu.edu>
List-Id: Fans of the O/S Plan 9 from Bell Labs <9fans.cse.psu.edu>

geoff@x.bell-labs.com wrote:
> scott wrote:
> >
> > Isn't it the case that some applications, like ftp, encode ip address
> > and port information in application layer traffic, which NAT has to
> > account for? Linux seems to have code to handle that sort of stuff
> > (linux/net/ipv4/ip_masq*).
>
> I'm not sure; it's certainly possible that individual applications do
> such things.

I think Scott's right. All viable NAT products do this, although it's not strictly part of NAT. A search for "NAT" on Cisco's site confirms that they support the use of "PORT" in ftp, and a slew of features of other protocols that would otherwise be broken by NAT.
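The thread above turns on three points: address-only NAT is protocol-agnostic but serves one inside host; NAPT serves many hosts but has to know where each protocol keeps its ports (the same place for TCP and UDP, unknown to the box for IL); and FTP's in-band PORT command needs a protocol-specific rewrite on top. The toy translator below is an added example written for this archive page, not code from the 9fans thread, from Lucent/Ascend, Cisco, or any FreeBSD library. It assumes the IANA protocol numbers 6, 17 and 40 for TCP, UDP and IL, uses documentation address ranges and a made-up 'known good' port list, and skips checksum fix-up so the mapping table stays the focus.

```python
import re
import struct
from dataclasses import dataclass, replace

PROTO_TCP, PROTO_UDP, PROTO_IL = 6, 17, 40  # IANA IP protocol numbers

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    l4: bytes = b""  # transport header plus payload, as the box sees it

def find_ports(proto, l4):
    """TCP and UDP both keep (src, dst) ports in the first four bytes of the
    transport header, which is why NAPT boxes do those two; for anything else
    (IL included) this box has no rule and returns None."""
    if proto in (PROTO_TCP, PROTO_UDP) and len(l4) >= 4:
        return struct.unpack("!HH", l4[:4])
    return None

def set_port(l4, offset, port):  # checksum fix-up omitted; the table is the point
    return l4[:offset] + struct.pack("!H", port) + l4[offset + 2:]

class AddressOnlyNAT:
    """'Single address translation': any protocol passes, but only the first
    inside host to talk gets service, since replies cannot be told apart."""
    def __init__(self, public_ip):
        self.public_ip, self.inside_host = public_ip, None

    def outbound(self, pkt):
        self.inside_host = self.inside_host or pkt.src
        return replace(pkt, src=self.public_ip) if pkt.src == self.inside_host else None

PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def ftp_port_alg(l4, inside_ip, napt):
    """FTP embeds the client's address and data port in the stream
    ('PORT h1,h2,h3,h4,p1,p2'), so the box must rewrite it and pre-open a
    mapping for the server's connection back: the 'hack' the mail mentions."""
    m = PORT_RE.search(l4)
    if not m:
        return l4
    h = list(map(int, m.groups()))
    pub, napt.next_port = napt.next_port, napt.next_port + 1
    napt.in_map[(PROTO_TCP, pub)] = (inside_ip, h[4] * 256 + h[5])
    new = "PORT %s,%d,%d" % (napt.public_ip.replace(".", ","), pub // 256, pub % 256)
    return l4[:m.start()] + new.encode() + l4[m.end():]

class NAPT:
    """Address-and-port translation with a 'known good' destination-port list
    like the commercial boxes in the mail (POP3 is not on it until you say so)."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out_map, self.in_map = {}, {}  # (proto,ip,port)->pub / (proto,pub)->(ip,port)
        self.allowed = {PROTO_TCP: {21, 25, 80, 443}, PROTO_UDP: {53}}  # constructed list

    def outbound(self, pkt):
        ports = find_ports(pkt.proto, pkt.l4)
        if ports is None:
            return None  # IL, GRE, ...: no rule for where the port is, so dropped
        sport, dport = ports
        if dport not in self.allowed.get(pkt.proto, ()):
            return None  # not on the list the box is prepared to translate
        key = (pkt.proto, pkt.src, sport)
        pub = self.out_map.get(key)
        if pub is None:
            pub, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key], self.in_map[(pkt.proto, pub)] = pub, (pkt.src, sport)
        l4 = set_port(pkt.l4, 0, pub)
        if pkt.proto == PROTO_TCP and dport == 21:
            l4 = ftp_port_alg(l4, pkt.src, self)
        return replace(pkt, src=self.public_ip, l4=l4)

    def inbound(self, pkt):
        ports = find_ports(pkt.proto, pkt.l4)
        inside = self.in_map.get((pkt.proto, ports[1])) if ports else None
        if pkt.dst != self.public_ip or inside is None:
            return None
        return replace(pkt, dst=inside[0], l4=set_port(pkt.l4, 2, inside[1]))

def demo():
    """Constructed traffic: two inside hosts (10.0.0.2, 10.0.0.3), one server."""
    tcp = lambda sp, dp, data=b"": struct.pack("!HH", sp, dp) + b"\0" * 16 + data
    il = Packet(PROTO_IL, "10.0.0.2", "192.0.2.10", b"\0" * 18)  # IL header, opaque to the box
    web_a = Packet(PROTO_TCP, "10.0.0.2", "192.0.2.10", tcp(50000, 80))
    web_b = Packet(PROTO_TCP, "10.0.0.3", "192.0.2.10", tcp(50000, 80))
    pop3 = Packet(PROTO_TCP, "10.0.0.2", "192.0.2.10", tcp(50001, 110))
    ftp = Packet(PROTO_TCP, "10.0.0.2", "192.0.2.10", tcp(50002, 21, b"PORT 10,0,0,2,195,88\r\n"))
    nat, napt = AddressOnlyNAT("203.0.113.1"), NAPT("203.0.113.1")
    out = {
        "nat_il": nat.outbound(il),                # passes: protocol is irrelevant
        "nat_second_host": nat.outbound(web_b),    # refused: one inside node only
        "napt_il": napt.outbound(il),              # dropped: port location unknown
        "napt_a": napt.outbound(web_a),
        "napt_b": napt.outbound(web_b),            # same inside port, distinct public port
        "napt_pop3_default": napt.outbound(pop3),  # refused: not on the known-good list
        "napt_ftp": napt.outbound(ftp),            # PORT rewritten by the ALG
    }
    napt.allowed[PROTO_TCP].add(110)  # "I had to tell it to"
    out["napt_pop3_enabled"] = napt.outbound(pop3)
    pub_b = find_ports(PROTO_TCP, out["napt_b"].l4)[0]
    reply = Packet(PROTO_TCP, "192.0.2.10", "203.0.113.1", tcp(80, pub_b))
    out["napt_reply_to_b"] = napt.inbound(reply)  # lands on 10.0.0.3:50000
    return out
```

Running `demo()` shows the trade-off in one table: the address-only box forwards the IL packet untouched but refuses the second inside host, while the NAPT box serves both web clients on distinct public ports, drops IL because `find_ports` has no rule for it, refuses POP3 until the port is added to the list, and rewrites the FTP PORT line to its own address with a freshly reserved public port. Each protocol beyond TCP and UDP needs its own `find_ports` rule, and each protocol that embeds addresses in its payload needs its own ALG, which is exactly the maintenance burden the thread describes.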