On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
This thought crossed my mind earlier today, when I asked Jeff if IP-forged packets would make it through a NAT, outbound. He said no (I think), but I'm not entirely sure that's right.
Welll - the packets might make it out, and be transmitted into the Internet, but they would have a legitimate source address, namely an outside address of the NAT router. A side effect of NAT is to clamp the source address range of outbound packets to the configured NAT outside address range. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017