Date: Thu, 27 Jul 2000 12:00:40 +0300
From: Yonatan Bokovza <Yonatan@xpert.com>
To: "'net@freebsd.org'" <net@freebsd.org>
Subject: NAT and UDP Sessions
Message-ID: <00BF97DD9F3FD311AB860060084E50DD311BBA@exchange.xpert.com>
Hi all,

I have a problem with UDP packets that go bidirectionally via NAT. NAT is implemented by many machines and software, and a common problem is to define what exactly IS a "UDP Session". UDP is sessionless, meaning there is no "first packet" or "last packet" or any kind of (standard) negotiation.

The model I'm referring to is a client behind NAT talking to a known server in UDP.

Now, I think CheckPoint's FireWall-1 NAT uses "Stateful Inspection" to allow the server's packets to get back to the client if the client sends the first packet. FW-1 will allow returning (server to client) packets up to a default of 30 seconds since the client-to-server packet was sent.

From Cisco's site I gathered that the default for IOS NAT (thus probably for Cisco's PIX FireWall) is 300 seconds (5 min) since the last packet.

Does anyone have similar information regarding other NAT implementations?

Regards,
Yonatan.
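The two timeout behaviours reported in the message above, modelled as an added example (not part of the original e-mail and not any vendor's implementation): a UDP pseudo-session table keyed on the client and server address/port pairs, with an idle timer. The 30 and 300 second values are the ones the message reports; the addresses, the trace, and the assumption that the short policy is refreshed only by outbound packets while the long one is refreshed by any packet are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class UdpStateTable:
    timeout: float              # idle seconds before a mapping expires
    refresh_on_inbound: bool    # assumption: does a reply restart the timer?
    entries: dict = field(default_factory=dict)  # flow key -> last refresh time

    def outbound(self, now, client, server):
        """Client-to-server packet: create or refresh the mapping."""
        self.entries[(client, server)] = now

    def inbound(self, now, server, client):
        """Server-to-client packet: admit only if a live mapping exists."""
        key = (client, server)
        last = self.entries.get(key)
        if last is None:
            return False                 # unsolicited, no state for this flow
        if now - last > self.timeout:
            del self.entries[key]        # idle too long, state is torn down
            return False
        if self.refresh_on_inbound:
            self.entries[key] = now      # "since the last packet" behaviour
        return True

def replay(table, events):
    """Feed (time, direction) events; return the verdict for each reply."""
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 5000)  # constructed
    verdicts = []
    for t, direction in events:
        if direction == "out":
            table.outbound(t, client, server)
        else:
            verdicts.append(table.inbound(t, server, client))
    return verdicts

# Constructed trace: one request at t=0, server replies at t=20, 45 and 200 s.
TRACE = [(0, "out"), (20, "in"), (45, "in"), (200, "in")]

def compare():
    short = UdpStateTable(timeout=30, refresh_on_inbound=False)
    long_ = UdpStateTable(timeout=300, refresh_on_inbound=True)
    return replay(short, TRACE), replay(long_, TRACE)

if __name__ == "__main__":
    print(compare())
```

With the short timer, a server that answers slowly or streams replies without further client traffic is cut off after the first window; the long timer keeps the flow alive but also leaves the inbound hole open longer.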