NAT-Hostile Protocols

Because of their intrinsic operation, NAT gateways in the communication path of certain protocols might disturb their inner working. Good examples are H.323/SIP, FTP, end-to-end IPSec, and peer-to-peer applications. Unfortunately, these problems often are caused by inconsiderate application development and easily could have been avoided (RFC 3235, "Network Address Translator (NAT)?Friendly Application Design Guidelines"). In the case of H.323, this can be compensated easily by application level gateway (ALG) mappings of modern firewall engines (for example, Cisco PIX Firewall) or the use of H.323 gatekeepers/proxies.

Keep in mind that stateful NAT and stateful inspection firewall issues are related and often intertwined. Special pains are applications that use random ports.

Command Syntax Conventions

Chapter 1. Operating System Issues and Features-The Big Picture

Chapter 2. User-Space Routing Software

Chapter 3. Kernel Requirements for a Full-Featured Lab

Chapter 4. Gateway WAN/Metro Interfaces

Chapter 5. Ethernet and VLANs

Chapter 6. The Analyzer Toolbox, DHCP, and CDP

Chapter 7. The UNIX Routing and ARP Tables

Chapter 8. Static Routing Concepts

Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing

Chapter 13. Policy Routing, Bandwidth Management, and QoS

Chapter 14. Multicast Architectures

Chapter 15. Network Address Translation

The NAT Foundation-Basic/Traditional NAT

NAT, PAT(NAPT), Masquerading, and Port Mapping/Multiplexing

Static NAT and ARP/Routing Issues

Redirection (Port Forwarding/Relaying or Transparent Proxying)

UNIX NAT Approaches

NAT-Hostile Protocols

Future Developments: NAT-T, MPLS+NAT, Load Balancer

NAT Redundancy-Stateful Failover

Recommended Reading

Appendix A. UNIX Kernel Configuration Files

Appendix B. The FreeBSD Netgraph Facility