Gavin writes:

> The way this is *supposed* to work is that the box performing the NAT will
>  magically see the IP address being sent to the client and "fix it" by
>  dynamically altering the packet to include the external address of the
>  target machine.  It's quite amazing that this works so well normally that
>  most people don't know that their NAT box is frantically rewriting packets
>  left and right so that the IP Addresses look correct to everyone involved,
>  even though each end normally doesn't know the "real" IP Address that they
>  are talking to.
>
>  But this fancy NAT stuff only works if the NAT implementation knows about
>  all the protocols that you are going to use that send embedded IP Addresses
>  in the data.

I have no idea how far you can extend NAT, but this was not its original
design concept. It was originally designed as a mechanism to "save the world"
through the conservation of IP addresses, where the outside world continued
to use an increasingly scarce set of "real world" IP addresses and the inside
LAN used only "private addresses". Having the HP3000 have an internal address
of 192.1.1.111 violates that concept.

The HP3000's IP address should have an address more akin to 192.168.1.111 (as
should every device on the internal LAN), an address that lies within one of
the reserved private, non-routable IP address spaces that were meant to be
used over and over within every corporation -- and translated only into
real-world addresses by the NAT-based routers when their packets, like Elvis,
leave the building.

Wirt Atmar

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *