
Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans



On Thu, 4 Nov 2004 21:00:57 +0800
Christopher DeMarco <cdemarco@fastmail.fm> wrote:

> > so in a way, you don't need NAT in order to make the two
> > networks realise each other's existence.
> 
> That's cute, I didn't realize that.  But the problem is that in
> this case the other party we're connecting to is expecting us to
> come from the same network as they're using - and I don't intend
> to re-address my network.  So the NAT requirement still stands.

what application do they need to use in order to demand the same network?
we have people who connect remotely using an ipsec tunnel, to get their
remote desktop from Canada to Germany without needing the *same*
network, so i doubt they really understood *same* network when they
say with what they have asked.

with NAT it does not help the situation at all, you can't even reach a
specific NAT'ed workstation or server from the other side, unless you
do some port forwarding :)

> No takers on whether I can do the NAT on  the same physical machine
> as the IPsec?

you gotta use your iptables so that it would NAT your packets rushing
towards IPSECx, i guess. i have no idea. read through the freeswan
faqs, or iptables manuals.

SL

