NATed peer & ports

Guus Sliepen guus at sliepen.eu.org
Thu Jan 20 23:43:29 CET 2005


On Thu, Jan 20, 2005 at 10:29:10PM +0100, Tobias Wimmer wrote:

> I've got a question about the fact that the source port of an outbound
> packet may not be altered by a masquerading firewall. Unfortunately the
> example on the website does not explain why this has to be done. Forwarding
> an inbound packet is often needed, but WHY does the source port have to remain
> unchanged? I'm not too good a coder, so it's hard for me to reproduce what
> happens. Is this something that is by design of tinc, or could it be changed?
> 
> The reason I'm asking this question is that not changing the source port is
> something that can be done easily with Linux or similar, but for almost every
> "home router" it's impossible. This makes tinc very hard to implement for
> "home" use, which is really too bad... :-(

It is by design: the combination of source address and port is used to
determine from which tinc daemon packets are received. You can use
TCPOnly = yes in your host config file if you are behind a NAT.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
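The following is an added illustration, not tinc's own code, of the point made in the reply above: a receiver that attributes UDP packets to a peer by the (source address, source port) it expects from that peer's host configuration, placed behind a model of a masquerading NAT that either preserves or rewrites the source port. The TCP variant models the TCPOnly workaround under the assumption that identity is bound to the authenticated connection as it was accepted, so whatever port the NAT chose is simply the one observed. All addresses, ports, peer names and the payload are constructed for the example.

```python
# Added example (not tinc's code): why identification by (address, port)
# breaks behind a port-rewriting NAT, and why a per-connection TCP path does not.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    src_addr: str
    src_port: int
    payload: bytes


class UdpPeerTable:
    """Attributes UDP datagrams to a peer by the endpoint announced in its host config."""

    def __init__(self, peers: Dict[str, Endpoint]) -> None:
        # name -> announced endpoint, inverted so a lookup on receive is one dict hit
        self.by_endpoint: Dict[Endpoint, str] = {ep: name for name, ep in peers.items()}
        self.dropped = 0

    def receive(self, pkt: Packet) -> Optional[str]:
        """Return the peer name, or None (and count a drop) if the tuple is unknown."""
        name = self.by_endpoint.get((pkt.src_addr, pkt.src_port))
        if name is None:
            self.dropped += 1
        return name


class Masquerader:
    """Model of a home-router NAT. preserve_port=True keeps the inside source port;
    False allocates a fresh public port per (inside address, inside port) flow."""

    def __init__(self, public_addr: str, preserve_port: bool, first_port: int = 40000) -> None:
        self.public_addr = public_addr
        self.preserve_port = preserve_port
        self.next_port = first_port
        self.mappings: Dict[Endpoint, int] = {}

    def translate(self, pkt: Packet) -> Packet:
        key = (pkt.src_addr, pkt.src_port)
        if key not in self.mappings:
            self.mappings[key] = pkt.src_port if self.preserve_port else self.next_port
            if not self.preserve_port:
                self.next_port += 1
        return Packet(self.public_addr, self.mappings[key], pkt.payload)


class TcpPeerTable:
    """Model of the TCPOnly path (assumption): the peer's identity is learned from the
    authenticated connection, so the endpoint the NAT presented is what gets recorded."""

    def __init__(self) -> None:
        self.connections: Dict[Endpoint, str] = {}

    def accept(self, observed: Endpoint, authenticated_name: str) -> None:
        self.connections[observed] = authenticated_name

    def receive(self, pkt: Packet) -> Optional[str]:
        return self.connections.get((pkt.src_addr, pkt.src_port))


# Constructed peers: "home" sits behind a NAT and announces its public address.
PEERS: Dict[str, Endpoint] = {"home": ("203.0.113.5", 655), "office": ("198.51.100.7", 655)}
INSIDE = Packet("192.168.1.10", 655, b"encrypted vpn payload")  # as sent from the LAN


def run_udp_scenario(preserve_port: bool) -> Tuple[Optional[str], int]:
    """One datagram from 'home' through the NAT; returns (attributed peer, drops)."""
    table = UdpPeerTable(PEERS)
    nat = Masquerader("203.0.113.5", preserve_port)
    return table.receive(nat.translate(INSIDE)), table.dropped


def run_tcp_scenario() -> Optional[str]:
    """Same port-rewriting NAT, but identity is bound at connection time."""
    nat = Masquerader("203.0.113.5", preserve_port=False)
    first = nat.translate(INSIDE)               # SYN as seen by the receiver
    table = TcpPeerTable()
    table.accept((first.src_addr, first.src_port), "home")  # after the handshake
    return table.receive(nat.translate(INSIDE))  # later data on the same flow


if __name__ == "__main__":
    print("port-preserving NAT:", run_udp_scenario(True))   # ('home', 0)
    print("port-rewriting NAT: ", run_udp_scenario(False))  # (None, 1)
    print("TCP, rewriting NAT: ", run_tcp_scenario())       # home
```

With a port-preserving NAT the datagram arrives from 203.0.113.5:655, exactly the tuple announced for "home", and is attributed; with a port-rewriting NAT it arrives from 203.0.113.5:40000, matches no configured peer, and is dropped. The TCP model is unaffected because nothing predicted the port in advance.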

