NAT Helpers?

Frans Luteijn f.a.g.luteijn at knoware.nl
Thu Oct 20 01:27:37 CEST 2005 

Some time ago, I had a similar question. Someone came with a little
program
called udp-proxy.
(See
http://lists.netfilter.org/pipermail/netfilter/2004-December/057580.html)

Search in Google for udpproxy and udprelay.

For dhcp-relay use the program dhcrelay, compiled from the dhcp-source
and
included in most distributions.

R. DuFresne schreef:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> isn't the key to this "solution" a bridge?  I mean afterall you are trying
> to join two seperate braodcast domains and the best way to do that is with
> a bridge, or am I missing something here?
>
> Thanks,
>
> Ron DuFresne
>
> On Mon, 12 Sep 2005, Derick Anderson wrote:
>
> >
> >
> >> -----Original Message-----
> >> From: netfilter-bounces at lists.netfilter.org
> >> [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of /dev/rob0
> >> Sent: Sunday, September 11, 2005 8:09 AM
> >> To: netfilter at lists.netfilter.org
> >> Subject: Re: NAT Helpers?
> >>
> >> On Saturday 2005-September-10 00:05, James Stickland wrote:
> >>> My problem with this network setup is that when the terminal server
> >>
> >> With WHAT network setup? I saw no information about a network.
> >>
> >>> attempts to join the domain, or do such things as browse all the
> >>> network shares (as opposed to typing in their ip address),
> >> it attempts
> >>> connections to the 10.10.10.7 broadcast address.  The problem lies
> >>> within the router  - it does not forward broadcasts.
> >>
> >> Why not? A broadcast is just another IP. This is sometimes
> >> true but not always true. It might depend on your rules. A
> >> clear explanation of the issue helps in finding a resolution.
> >
> > I actually tried once to get DHCP to broadcast across two subnets with
> > no success (I allowed the ports to be forwarded, didn't block 0.0.0.0 or
> > 255.255.255.255, etc.). Of course DHCP uses 0.0.0.0 and 255.255.255.255
> > so that may be a special case. But usually broadcast addresses are
> > defined within a subnet (like 10.0.0.255) and so I would think they
> > wouldn't be routed outside the subnet by design.
> >
> > Just my thoughts - or maybe I misunderstood this part of the issue.
> >
> > Derick Anderson
> >
> >
>
> - --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>          admin & senior security consultant:  sysinfo.com
>                          http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
>
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
>
>                  -Tom Robbins <Still Life With Woodpecker>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFDJdVZst+vzJSwZikRAm4zAJwOTuX1VS9sHnhFCcqRI1zAhihAiQCgx26d
> mY5ZZ/8SmdnXRUJ+awLcPW4=
> =FBgM
> -----END PGP SIGNATURE-----



--
Frans Luteijn
PGP PblKey fprnt=C4 87 CE AF BC B6 98 C1  EF 42 A1 9A E2 C0 42 5B
GPG PblKey fprnt=ED20 0F25 C233 DC59 3FFA  170E D0BF 15F5 0BA6 1355

More information about the netfilter mailing list