On Tue, 1 Dec 2015, Mark Felder wrote:
On Tue, Dec 1, 2015, at 10:50, el...@sentor.se wrote:
Not that this helps this thread to move on, but just to clarify:
In this case, the NAT that would introduce the randomized src port would
be *your* NAT, not a NAT at pool.ntp.org.
Deny UDP [2604:a880:800:10::bc:c004]:123 [2001:470:1f11:1e8::2]:58285 in via gif0
The blocked response came from port 123 just as expected.
If the client truly sent out a query from src port 123, then it must have
been your NAT that picked a free random port to use for its outgoing
connection, i.e. port 58285.
The server then responds back to your NAT IP 2001:470:1f11:1e8::2 at port
58285.
Your NAT should receive the packet, match it against its NAT table, find
that it indeed has an ongoing UDP connection for that particular flow, so
it rewrites the dst IP and dst port to your original internal IP address
and original port (123) and sends it back to the client.
/Elof
There's no NAT involved with my IPv6.
Good. :-)
As I was saying, this was just a sidetrack to clarify that the portNAT
would not be located at the ntp-server side.
/Elof
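The port-translation behaviour Elof describes above (client sends from port 123, the NAT picks a free external port such as 58285, the server replies to that port, and the NAT maps it back to the client's original port), as an added example that is not part of the thread and not from any FreeBSD or pool.ntp.org code. It is a toy stateful NAPT model in Python; the addresses are RFC 5737 documentation addresses, the port allocator that starts at 58285 and the `PortNat`, `Packet` and `exchange_*` names are all constructed for illustration. It also shows the two cases the thread contrasts: with a client-side NAT the reply is addressed to the translated port, without one (the IPv6 case) it is addressed straight to port 123, and a reply that matches no NAT state is dropped.

```python
"""Toy port-translating NAT (NAPT) for UDP, added example only."""
from dataclasses import dataclass
from itertools import count
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip, port)
NTP_PORT = 123


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "udp"


class PortNat:
    """Minimal stateful NAPT: every new outbound UDP flow gets a fresh
    external source port, and inbound packets are matched against that
    state table and rewritten back to the internal address and port."""

    def __init__(self, external_ip: str, first_port: int = 58285):
        self.external_ip = external_ip
        self._free_ports = count(first_port)   # constructed allocator (assumption)
        # (internal src, remote dst) -> external port
        self._out: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (external port, remote endpoint) -> internal src
        self._in: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outgoing packet to (external_ip, ext_port)."""
        key = (pkt.src, pkt.dst)
        ext_port = self._out.get(key)
        if ext_port is None:                   # new flow: allocate a port
            ext_port = next(self._free_ports)
            self._out[key] = ext_port
            self._in[(ext_port, pkt.dst)] = pkt.src
        return Packet((self.external_ip, ext_port), pkt.dst, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the de-NATed packet, or None when no flow matches (dropped)."""
        if pkt.dst[0] != self.external_ip:
            return None
        internal = self._in.get((pkt.dst[1], pkt.src))
        if internal is None:
            return None
        return Packet(pkt.src, internal, pkt.proto)


def ntp_reply(query: Packet) -> Packet:
    """The server answers from its port 123 to whatever source it saw."""
    return Packet(src=query.dst, dst=query.src, proto=query.proto)


def exchange_through_nat(client: Endpoint, server: Endpoint, nat: PortNat):
    """client -> NAT -> server -> NAT -> client.
    Returns (query as seen on the wire, server reply, packet delivered to client)."""
    query = Packet(client, server)
    wire_query = nat.outbound(query)           # src becomes (nat_ip, 58285)
    reply = ntp_reply(wire_query)              # dst is (nat_ip, 58285)
    delivered = nat.inbound(reply)             # rewritten to client:123
    return wire_query, reply, delivered


def exchange_without_nat(client: Endpoint, server: Endpoint):
    """The IPv6 case in the thread: no NAT, the reply goes straight to :123."""
    query = Packet(client, server)
    return query, ntp_reply(query)


if __name__ == "__main__":
    client = ("10.0.0.5", NTP_PORT)
    server = ("203.0.113.9", NTP_PORT)
    nat = PortNat("192.0.2.1")
    for p in exchange_through_nat(client, server, nat):
        print(p)
    print(exchange_without_nat(("2001:db8::2", NTP_PORT), server)[1])
    print(nat.inbound(Packet(server, ("192.0.2.1", 40000))))   # None: no state
```

The stateful firewall on the client side needs to see the same flow as the NAT: if there is no NAT, the response comes back to port 123, so a rule that only allows replies to ephemeral ports will log a deny exactly like the one quoted above.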
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"