[Serusers] Nathelper question

Zeus Ng zeus.ng at isquare.com.au
Tue Jul 13 02:16:25 CEST 2004


Certainly, I agree with you that the checking has its own weakness, I admit
it and I'm well aware of it.

This applies to some cable ISPs as well as large organisations. For the
majority of DSL users, I rarely have any trouble.

For users on cable ISPs that NAT their internet connection, I do have
logic to check that and will force RTP proxying. However, they still have
trouble with other P2P applications. One by one, these users are moving away
from this kind of cable.

As for large organisations, most of them are deploying this kind of service
in-house. Also, they are responsible for maintaining reasonable routing within
their organisation. If they are using two NATs to prevent communication from
one network to another network, I don't want to be the middle man helping
their users to violate their company policy.

Hopefully, all those who adopt my logic understand what they are doing.

Zeus

> --On 10 July 2004 23:59 +1000 Zeus Ng <zeus.ng at isquare.com.au> wrote:
> 
> > Can you redraw your diagram and place ser in the path as well. I don't
> > understand what you are trying to illustrate.
> 
> 10.0.0.1 A -> NAT1 -192.168.0.1 \
>                                 |--> NAT3 --> 195.1.1.1 Internet -> Ser
> 10.0.0.2 B -> NAT2 -192.168.0.2 /
> 
> 
> > Personally, I've tried UAs behind two / three layers of NAT and it
> > works, if it's what you are trying to say.
> >
> > Yes, there are situations where the logic breaks. Mostly, if one UA is
> > behind two NATs, one inner and one outer. The second UA is behind the
> > same outer NAT. As a service provider, it's not my problem. My logic
> > perfectly handles the outer NAT. As for the inner NAT, the client has
> > to figure it out internally.
> 
> Indeed - I was trying to illustrate a situation where the two
> UAs are behind the same outer NAT but not behind the same
> inner NAT. As far as I can see the test uses the heuristic
> that the UAs are behind the same LAN if the packet
> source/dest IP (i.e. routable addresses) are the same. This
> heuristic fails when they are behind the same outer NAT (same
> routable IP) but not behind the same inner NAT. It also fails
> in circumstances like this (AFAICS):
> 
> 10.0.0.1 A    -\ 10.0.0.0/8
>                |
>                |   195.1.1.1/24
>                NAT ---------------> Internet -> Ser
>                |
>                |
> 192.168.0.1 B -/ 192.168.0.0/16
> 
> i.e. where you have a dual-private-ported NAT (for instance a 
> corporate LAN and a lab LAN) with the same external IP.
> 
> Alex
> 
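
The two failure cases drawn in this thread can be modelled in a few lines. This is an added example, not code from either poster or from ser/nathelper: the segment labels and the `check` helper are hypothetical, and only the addresses come from the diagrams. It walks each UA's packets out through its NATs and compares the heuristic's verdict with the real layout.

```python
# Added illustration: a toy model of the two topologies drawn in this thread.
# Each map is: private segment -> (NAT device, segment outside it, NAT outside IP).
# Segment names are constructed labels; addresses are the ones in the diagrams.
TWO_INNER_NATS = {
    "lanA": ("NAT1", "mid", "192.168.0.1"),
    "lanB": ("NAT2", "mid", "192.168.0.2"),
    "mid": ("NAT3", "internet", "195.1.1.1"),
}
DUAL_PORTED_NAT = {
    "corp": ("NAT", "internet", "195.1.1.1"),
    "lab": ("NAT", "internet", "195.1.1.1"),
}
SINGLE_LAN = {"home": ("NAT", "internet", "195.1.1.1")}


def routable_source(topology, ua):
    """Walk outward through every NAT; return the source IP the proxy sees."""
    segment, ip = ua
    while segment != "internet":
        _nat, segment, ip = topology[segment]
    return ip


def heuristic_same_lan(topology, a, b):
    """The test under discussion: same routable IP is taken to mean same LAN."""
    return routable_source(topology, a) == routable_source(topology, b)


def check(topology, a, b):
    """Compare the heuristic's answer with the real layout of the two UAs."""
    guess = heuristic_same_lan(topology, a, b)
    truth = a[0] == b[0]  # same private segment: can reach each other directly
    return {"seen": (routable_source(topology, a), routable_source(topology, b)),
            "heuristic": guess, "truth": truth, "misjudged": guess != truth}


if __name__ == "__main__":
    cases = {
        "two inner NATs": (TWO_INNER_NATS, ("lanA", "10.0.0.1"), ("lanB", "10.0.0.2")),
        "dual-ported NAT": (DUAL_PORTED_NAT, ("corp", "10.0.0.1"), ("lab", "192.168.0.1")),
        "one shared LAN": (SINGLE_LAN, ("home", "10.0.0.1"), ("home", "10.0.0.2")),
    }
    for name, (topo, a, b) in cases.items():
        print(name, check(topo, a, b))
```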
