Re: NAT-PMP Broadcast Address?
- Subject: Re: NAT-PMP Broadcast Address?
- From: james woodyatt <email@hidden>
- Date: Tue, 11 Sep 2007 12:26:06 -0700
On Sep 11, 2007, at 10:49, email@hidden wrote:
> [...] Also, I think I found a flaw in NAT-PMP...because you can't
> query what ports your machine opened? I want to be able to check a
> port and see what it is. But the only way to do that is to
> basically try to remove the port. You will get an error code if
> another machine is using the port. However, if your computer had a
> port allocated, you just get an answer that you successfully either
> got the port, or changed its timeout, which for removal is a
> timeout of 0. There doesn't seem to be a way to determine if the
> port was already open. I realize that is how the spec is designed
> to work, so that multiple requests return multiple success replies,
> but this still seems to be a pretty major thing to overlook.
>
> So is there any way to get a port list from an airport, maybe not
> even with NAT-PMP?

Not easily or reliably. AirPort can be configured to syslog its NAT-
PMP events, which you could maybe try to parse and keep a record.
There is no mechanism in NAT-PMP for querying whether a private port
is mapped and, if so, to what public port. This was the result of a
deliberate decision on the part of its designers. As I recall, we
wanted the protocol to be extremely easy to implement and maintain,
so this feature was left out because we deemed it both unnecessary
and insufficient. Unnecessary, because the only reason you need to
know whether a port is mapped to you or not is to decide whether to
ask for it to be mapped. Just ask to map the port if you don't
know. If it's already mapped, NAT-PMP will return the mapping you
already have. It's insufficient because the general problem of
network management is broader than just tracking what private ports
are mapped to what public ports.
What you really want is a way to access the NAT/firewall state and
rules tables remotely. I'd argue that this should be part of the SNMP
MIB. Alas, there is no standard for NAT/firewall MIBs and the
AirPort doesn't implement a non-standard one at this time. You're
pretty much out of luck.
--
james woodyatt <email@hidden>
member of technical staff, communications engineering
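
The "just ask to map the port" behaviour described in the reply above, as an added example that is not part of the original message or any AirPort code: it packs and parses the NAT-PMP mapping request and response as laid out in RFC 6886 and shows a repeated request returning the mapping the host already holds. `FakeGateway`, the host addresses and the port numbers are constructed assumptions so the example runs offline.

```python
import struct

OP_MAP_UDP, OP_MAP_TCP = 1, 2      # NAT-PMP mapping opcodes (RFC 6886)
REQ = struct.Struct("!BBHHHI")     # version, opcode, reserved, internal, suggested external, lifetime
RESP = struct.Struct("!BBHIHHI")   # version, opcode+128, result, epoch, internal, external, lifetime

def build_map_request(opcode, internal_port, suggested_external=0, lifetime=7200):
    return REQ.pack(0, opcode, 0, internal_port, suggested_external, lifetime)

def parse_map_response(data, opcode):
    if len(data) != RESP.size:
        raise ValueError("mapping response must be 16 bytes")
    version, op, result, _epoch, internal, external, lifetime = RESP.unpack(data)
    if version != 0 or op != 128 + opcode:
        raise ValueError("not a reply to this mapping request")
    return {"result": result, "internal": internal, "external": external, "lifetime": lifetime}

def ensure_mapping(send, opcode, internal_port, suggested_external=0, lifetime=7200):
    # No query operation exists, so request the mapping and read the answer.
    request = build_map_request(opcode, internal_port, suggested_external, lifetime)
    reply = parse_map_response(send(request), opcode)
    if reply["result"] != 0:
        raise RuntimeError(f"gateway refused mapping, result code {reply['result']}")
    return reply["external"]

class FakeGateway:  # constructed in-memory stand-in for a gateway (assumption)
    def __init__(self):
        self.table = {}  # (client, opcode, internal port) -> external port

    def handle(self, client, request):
        _, op, _, internal, suggested, lifetime = REQ.unpack(request)
        key = (client, op, internal)
        if lifetime == 0:                       # lifetime 0 deletes the mapping
            self.table.pop(key, None)
            return RESP.pack(0, 128 + op, 0, 0, internal, 0, 0)
        if key not in self.table:               # new mapping: honour the suggestion if free
            used = {ext for (_, o, _), ext in self.table.items() if o == op}
            port = suggested or 40000
            while port in used:
                port += 1
            self.table[key] = port
        return RESP.pack(0, 128 + op, 0, 0, internal, self.table[key], lifetime)

def demo():
    gw = FakeGateway()
    host_a = lambda req: gw.handle("10.0.1.2", req)   # constructed client addresses
    host_b = lambda req: gw.handle("10.0.1.3", req)
    first = ensure_mapping(host_a, OP_MAP_TCP, 8080, suggested_external=8080)
    again = ensure_mapping(host_a, OP_MAP_TCP, 8080)  # repeat: existing mapping comes back
    other = ensure_mapping(host_b, OP_MAP_TCP, 8080, suggested_external=8080)
    return first, again, other
```

Against a real gateway, `send` would be a function that sends the request over UDP to port 5351 on the default gateway and returns the reply bytes.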
Macnetworkprog mailing list (email@hidden)