[LUAU] VPN

Richard mypop3mail at yahoo.com
Wed Jun 2 02:07:04 PDT 2004 

Google "rfc stun". It explains different types of NAT
and how to detect them. Some are friendly to VOIP and
some are not...



--- Brian Chee <chee at hawaii.edu> wrote:
> We also need to keep in mind that NAT according to
> the RFC has been
> implemented loosely by many vendors. NAT on the
> el'cheapo firewalls is NOT a
> full implementation like that in Linux. True NAT
> must keep track of state so
> that things like VOIP and video conferencing can get
> a reply back to their
> ack messages when the session is setup. SIP is
> especially sensitive to such
> things (thusly why Vonage is being eaten alive by
> tech support calls) and
> why firewall vendors are struggling to do a full
> implementation that also
> keeps track of state. RTCP used for things like
> H.323 video conferencing and
> many SIP implementations MUST have a reply back on
> session setup or you get
> weird things like calls that ring forever on the
> caller side, but never ring
> answer on the destination.
> 
> NATD (aka masquerading) is supposed to be a fuller
> implementation, but so
> far results have been mixed. I'm trying to find
> enough time to get some
> different firewalls built to utilize the VOIP test
> gear coming in for my
> july IP-PBX shootout for Infoworld...I'm especially
> interested in seeing how
> well the new versions of NATD work as well as Zebra.
> GateD has sold out and
> is no longer open source...MITRE corp seems to want
> a serious pound of flesh
> for what started out opensource.
> 
> So while this wasn't very helpful (sorry), but I did
> want to point out that
> many folks are considering VOIP and video
> conferencing while they mumble
> under their breath about NAT...and unless you take
> care, you may find both
> leaving you feeling unsatisfied....
> 
> /brian chee
> 
> -----Original Message-----
> From: luau-bounces at lists.hosef.org
> [mailto:luau-bounces at lists.hosef.org] On
> Behalf Of Vince Hoang
> Sent: Tuesday, June 01, 2004 9:40 PM
> To: Linux/Unix Advocates/Users Hawaiian community
> discussion list
> Subject: Re: [LUAU] VPN
> 
> On Fri, May 28, 2004 at 08:58:33PM -1000, Randall
> Oshita wrote:
> > But I was just wondering if port translation is
> the same as
> > port redirection. Is it safe to say that the nat
> daemon does
> > port translation as well as address.
> 
> Maybe. I tried natd 5 years ago. It did what I
> needed it to do at
> the time, but I quickly moved to ipf as soon as I
> had the chance.
> If you need help with it, contact me offlist.
> 
> > If so then NAT = NAPT. Wonder why lots of ppl use
> it in
> > different context.
> 
> NAPT? My googling mentions NAPT as a means to
> translate IPV4 to IPV6.
> 
> I generally see NAT and masquerading/overloading/PAT
> referred to
> collectively as NAT.
> 
> -Vince
> _______________________________________________
> LUAU at lists.hosef.org mailing list
> http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
> 
> _______________________________________________
> LUAU at lists.hosef.org mailing list
> http://lists.hosef.org/cgi-bin/mailman/listinfo/luau



	
		
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/

More information about the LUAU mailing list