On 2/4/2013 5:46 PM, KOVACS Krisztian wrote:
> Hi,
>
> On Mon 04 Feb 2013 01:19:10 PM CET, Eliezer Croitoru wrote:
>> On 2/4/2013 2:02 PM, KOVACS Krisztian wrote:
>>> Unfortunately not using the same source port is not an ultimate solution, either: if you use a random source port you still have a chance that it will clash with the endpoint of another existing TCP connection.
>>
>> Most likely not, since it's a pair of ip+port to ip+port. Your basic assumption is that there are two devices that control the same IP and port assignment. On a machine the OS tries to avoid using the same port for the same dst as a basic rule.
>
> Yes, but only for local sockets. However, in this case the endpoint address is first chosen by the client's TCP stack and then on the proxy's TCP stack. The latter does not have a socket bound to the address yet, so it will be happy to choose the exact same port.
>
>> On a NAT machine it depends on the NAT type, but Linux out of the box doesn't do this kind of NAT that would make such a thing happen.
>
> Yep, that's true, the NAT code avoids conntrack duplicates at all costs. (Even if that means an extra implicit translation.)
>
> --
> KOVACS Krisztian

Sorry, I haven't seen the context of the mail and it seems like I got my answers while you were trying to help them.

Thanks,
Eliezer

--
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
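The clash Krisztian describes can be modelled directly. The following is an added example, not code from this thread or from any kernel: it abstracts a TCP endpoint as the 4-tuple (src_ip, src_port, dst_ip, dst_port) and compares two source-port policies. In `simulate(..., shared_table=False)` the client's stack and a proxy spoofing the client's IP each pick a port knowing only about their own sockets, so both can produce the same 4-tuple; with `shared_table=True` the proxy's choice goes through a conntrack-style table that refuses to hand out a tuple already in use and tries another port instead (the "extra implicit translation"). The addresses, port ranges, trial counts and the `ConntrackTable`/`simulate` names are assumptions made for the simulation.

```python
"""Model of the ephemeral-port clash between a client stack and a
spoofing proxy stack.  Added example; all names and values are assumed."""
import random
from typing import Iterable, Iterator, NamedTuple, Set


class Tuple4(NamedTuple):
    """One TCP endpoint pair as seen by conntrack."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class ConntrackTable:
    """Shared table of live 4-tuples, in the spirit of the NAT conntrack
    behaviour described in the thread: a new flow must not duplicate an
    existing tuple, so the allocator skips any candidate port that would
    collide and keeps looking (the extra implicit translation)."""

    def __init__(self) -> None:
        self.flows: Set[Tuple4] = set()

    def allocate(self, src_ip: str, dst_ip: str, dst_port: int,
                 candidates: Iterable[int]) -> Tuple4:
        for port in candidates:
            t = Tuple4(src_ip, port, dst_ip, dst_port)
            if t not in self.flows:
                self.flows.add(t)
                return t
        raise RuntimeError("no free source port for this destination")

    def release(self, t: Tuple4) -> None:
        self.flows.discard(t)


def random_ports(rng: random.Random, lo: int, hi: int) -> Iterator[int]:
    """Endless stream of random ephemeral-port candidates in [lo, hi]."""
    while True:
        yield rng.randint(lo, hi)


def simulate(trials: int, lo: int, hi: int, seed: int,
             shared_table: bool) -> int:
    """Return how many trials ended with the client's and the proxy's
    connections to the same server sharing an identical 4-tuple."""
    rng = random.Random(seed)
    client_ip, server_ip, server_port = "10.0.0.2", "198.51.100.1", 80  # assumed
    clashes = 0
    for _ in range(trials):
        table = ConntrackTable()
        # The client's SYN has already created a conntrack entry by the
        # time the proxy opens its own (spoofed) connection.
        client = table.allocate(client_ip, server_ip, server_port,
                                random_ports(rng, lo, hi))
        if shared_table:
            # NAT-style allocation: consult the table, never duplicate.
            proxy = table.allocate(client_ip, server_ip, server_port,
                                   random_ports(rng, lo, hi))
        else:
            # Independent stack: no socket bound to the client's address,
            # so nothing stops it from picking the exact same port.
            proxy = Tuple4(client_ip, next(random_ports(rng, lo, hi)),
                           server_ip, server_port)
        if client == proxy:
            clashes += 1
    return clashes


if __name__ == "__main__":
    # A tiny port range makes the clash easy to observe; the real Linux
    # default range (32768-60999) just makes it rarer, not impossible.
    print("independent stacks, 10 ports:", simulate(2000, 1, 10, 7, False))
    print("shared conntrack table, 10 ports:", simulate(2000, 1, 10, 7, True))
```

Run it as-is to see the two counts; the only thing the shared table changes is the proxy's allocation step, which is exactly where the two stacks would otherwise agree on a port without knowing it.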