In message <1364787851.2136.7.camel@karl>, Karl Auer writes:
On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
This thought crossed my mind earlier today, when I asked Jeff if IP-forged packets would make it through a NAT, outbound. He said no (I think), but I'm not entirely sure that's right.
Welll - the packets might make it out, and be transmitted into the Internet, but they would have a legitimate source address, namely an outside address of the NAT router. A side effect of NAT is to clamp the source address range of outbound packets to the configured NAT outside address range.
Regards, K.
It depends on how the nat is configured. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org