[Serusers] Nathelper question

Alex Bligh alex at alex.org.uk
Mon Jul 12 11:39:46 CEST 2004



--On 10 July 2004 23:59 +1000 Zeus Ng <zeus.ng at isquare.com.au> wrote:

> Can you redraw your diagram and place ser in the path as well. I don't
> understand what you are trying to illustrate.

10.0.0.1 A -> NAT1 -192.168.0.1 \
                                |--> NAT3 --> 195.1.1.1 Internet -> Ser
10.0.0.2 B -> NAT2 -192.168.0.2 /


> Personally, I've tried UAs behind two / three layers of NAT and it works,
> if it's what you are trying to say.
>
> Yes, there are situations where the logic break. Mostly, if one UA is
> behind two NAT, one inner and one outer. The second UA is behind the same
> outer NAT. As a service provider, it's not my problem. My logic perfectly
> handles the outer NAT. As for the inner NAT, the client has to figure it
> out internally.

Indeed - I was trying to illustrate a situation where the two UAs
are behind the same outer NAT but not behind the same inner NAT. As far
as I can see the test uses the heuristic that the UAs are behind the
same LAN if the packet source/dest IP (i.e. routable addresses) are the
same. This heuristic fails when they are behind the same outer NAT
(same routable IP) but not behind the same inner NAT. It also fails
in circustances like this (AFAICS):

10.0.0.1 A    -\ 10.0.0.0/8
               |
               |   195.1.1.1/24
               NAT ---------------> Internet -> Ser
               |
               |
192.168.0.1 B -/ 192.168.0.0/16

i.e. where you have a dual-private-ported NAT (for instance a corporate LAN
and a lab LAN) with the same external IP.

Alex




More information about the sr-users mailing list