>Dominik, if I understand you correctly, wouldn't there be problems
>when you have multiple machines behind a NAT gateway (using natd or
>ppp -alias) that perform DNS queries to name servers on the Internet?
Without looking through the libalias source (which I really should one of
these days), I would assume that natd establishes some state when a machine
makes an outgoing "connection" on a UDP port, and times it out when nothing
arrives for that machine for a set length of time. It may special-case the
DNS port (probably does), or perhaps just special-tune the timeouts, or it
may work for any similar UDP service (of which there aren't many - whois
is a TCP connection to port 43 btw). It does special-case certain other
connections, primarily incoming FTP data connections (which can reasonably be
matched up to a control connection - I suppose this could theoretically break
if two masqueraded-for machines were connected to the same server at the same
time, but it's unlikely).
>I don't think UDP is an issue as long as one of my machines sends
>the first datagram out to the Internet. Then my natd (or ppp -alias)
>knows where to send returning datagrams. If the machine on the Internet
>tries to send the first datagram in, then it could be a problem.
Exactly; unfortunately, some types of services are necessarily
server-initiated, and some others are just badly designed for NAT's purposes (i.e.
battle.net). redirect_port will work around this for one internal host, though
the assumptions of Quake II's funky timing prediction may still suffer.
>Mark, I expect the -redirect_port command line option would be useful
>to send all traffic to a particular machine. According to the man page,
>it can be used for tcp and udp traffic. You have read the natd man
>page, haven't you?
If you can't play with words, what good are they?
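The UDP state the post reasons about, as an added example that is not part of the thread and not natd/libalias code: a toy model in which the first datagram out creates a per-flow alias entry, matching replies are translated back, idle entries time out, and an unsolicited inbound datagram is dropped unless a redirect_port-style static rule exists. The addresses, ports and the 60-second idle timeout are constructed values.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (ip, port)

@dataclass
class UdpNat:
    """Per-flow UDP state of a masquerading gateway (toy model, not libalias)."""
    public_ip: str
    idle_timeout: float = 60.0  # seconds without traffic before an alias is forgotten (assumed)
    next_port: int = 40000      # first alias port handed out (assumed)
    table: Dict[Tuple[Addr, Addr], Tuple[int, float]] = field(default_factory=dict)  # (src, dst) -> (alias port, last seen)
    redirects: Dict[int, Addr] = field(default_factory=dict)  # redirect_port-style: alias port -> internal host

    def outbound(self, src: Addr, dst: Addr, now: float) -> Addr:
        """Internal src sends to remote dst; returns the (public ip, alias port) dst sees."""
        self._expire(now)
        if (src, dst) not in self.table:            # first datagram out creates the state
            self.table[(src, dst)] = (self.next_port, now)
            self.next_port += 1
        port = self.table[(src, dst)][0]
        self.table[(src, dst)] = (port, now)        # any traffic refreshes the idle timer
        return (self.public_ip, port)

    def inbound(self, src: Addr, alias_port: int, now: float) -> Optional[Addr]:
        """Remote src sends to alias_port; returns the internal destination, None if dropped."""
        self._expire(now)
        for (internal, remote), (port, _) in self.table.items():
            if port == alias_port and remote == src:  # requiring remote to match is this toy's choice
                self.table[(internal, remote)] = (port, now)
                return internal
        return self.redirects.get(alias_port)       # no state: only a static redirect lets it in

    def _expire(self, now: float) -> None:
        for key in [k for k, (_, seen) in self.table.items() if now - seen > self.idle_timeout]:
            del self.table[key]

def demo() -> dict:
    nat = UdpNat("203.0.113.1")                     # constructed RFC 5737 addresses throughout
    dns = ("198.51.100.53", 53)                     # one name server on the Internet
    host_a, host_b = ("192.168.0.10", 1025), ("192.168.0.11", 1025)  # same local port on both
    pub_a, pub_b = nat.outbound(host_a, dns, 0.0), nat.outbound(host_b, dns, 1.0)
    results = {"distinct_alias_ports": pub_a[1] != pub_b[1],
               "reply_a": nat.inbound(dns, pub_a[1], 2.0),          # returning datagram finds host A
               "reply_b": nat.inbound(dns, pub_b[1], 2.0),
               "unsolicited": nat.inbound(("198.51.100.7", 6000), 6000, 3.0)}  # no state: dropped
    nat.redirects[7000] = ("192.168.0.10", 7000)   # server-initiated service, one internal host only
    results["redirected"] = nat.inbound(("198.51.100.7", 7000), 7000, 4.0)
    results["expired"] = nat.inbound(dns, pub_a[1], 100.0)  # idle past the timeout: state is gone
    return results
```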