On 13/11/2016 at 11:09, Joe wrote:
> Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
>> On 12/11/2016 at 23:32, Joe wrote:
>>> The SNAT should not be an issue, it can handle all protocols transparently
>>
>> No it cannot. NAT is not possible with some IP protocols. Plain IPSec (without NAT-T encapsulation) is the first one that comes to mind.
>
> I used to have a fair bit to do with PPTP through three or four NATs,

PPTP rather falls into the "complex protocols" described below.

>> Also many complex protocols such as FTP or SIP (nothing exotic here) require special support and this is not transparent as it requires messing with the payload, not only with the packet headers. Use of encryption with these protocols may come in the way and defeat NAT handling.
>
> Is ssh really a more difficult protocol to handle than http?

No. SSH relies on a single TCP connection, like TCP and other "simple" protocols. I reacted to you writing "NAT can handle *all* protocols *transparently*".

> I'm using 'protocol' in the small-p sense, not referring specifically to Internet Protocols.

What is the "small-p sense" ?
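
The payload rewriting discussed in this message, as an added example that is not part of the original thread: a simplified model of what a NAT helper has to do with an active-mode FTP `PORT` command, and why it cannot act once the control channel is encrypted. The function names are hypothetical, and the addresses, ports and the opaque record are constructed sample values.

```python
import re

# Active-mode FTP announces the client's data endpoint inside the payload:
#   PORT h1,h2,h3,h4,p1,p2   ->  IP h1.h2.h3.h4, TCP port p1*256 + p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return ("PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()

def nat_helper(payload, public_ip, public_port):
    """Model of a NAT FTP helper working on one control-channel segment.

    Returns (new_payload, mapping, length_delta). mapping tells the NAT which
    inbound data connection to expect; length_delta is the change in segment
    size, which a real helper must also compensate for in TCP sequence numbers.
    """
    endpoint = parse_port(payload)
    if endpoint is None:
        # Nothing recognisable in the payload: forward untouched, no mapping.
        return payload, None, 0
    rewritten = build_port(public_ip, public_port)
    mapping = {(public_ip, public_port): endpoint}
    return rewritten, mapping, len(rewritten) - len(payload)

# Constructed sample: private client behind a NAT with public address 203.0.113.5.
CLEARTEXT = b"PORT 192,168,1,10,195,80\r\n"
# Constructed stand-in for the same command inside an encrypted record (FTPS):
# the helper only sees opaque bytes, so the private address leaks through as-is.
ENCRYPTED = bytes([0x17, 0x03, 0x03, 0x00, 0x1A]) + bytes(range(0x40, 0x5A))

if __name__ == "__main__":
    print(nat_helper(CLEARTEXT, "203.0.113.5", 40000))
    print(nat_helper(ENCRYPTED, "203.0.113.5", 40000))
```
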