I would like to make my own user-mode NAT application.
I have the following scheme:
VM2[192.168.8.2] —— [192.168.8.1]Win2003[192.168.9.1] —— [192.168.9.2]VM1
VM3[192.168.8.3] _/
VM4[192.168.8.4] _/
- I’m capturing RAW IP packets on the 8.1 and 9.1 interfaces.
- Some packets from 8.1 are transferred to the 9.1 interface this way: 8.2->9.2 replaced by 9.1->9.2
- Some packets from 9.1 are transferred to the 8.1 interface this way: 9.2->9.1 replaced by 9.2->8.2
My application does not bind any ports at all – it is only capturing from interfaces.
I saw this scenario:
- 8.2->9.2 translated to 9.1->9.2 contains the SYN flag
- 9.2->9.1 translated to 9.2->8.2 contains the SYN+ACK flags
- And step 2 contains 9.1->9.2 with the RST flag…
Windows Server 2003 resets my NATed connection. I don’t want to bind any ports at all.
How can I handle this?
UPDATE:
user1202136, how is it possible to "Use Windows Firewall to block RST packets from the ports your user-space NAT uses." without writing my own NDIS driver?
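As an added illustration (not the asker's code, and not Windows' own behaviour), here is a small Python model of the two rewrites described above, with the IP header checksum and the TCP pseudo-header checksum recomputed after each address change, plus a check for the symptom observed: a RST whose source is the NAT host's own address. Packet contents, ports and sequence numbers are constructed; the function and constant names are mine.

```python
import ipaddress
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits (byte 13 of the TCP header)

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; 0 for a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _pseudo_header(pkt: bytes, ihl: int) -> bytes:
    # IPv4 pseudo-header: src, dst, zero, protocol (6 = TCP), TCP length
    return bytes(pkt[12:20]) + struct.pack("!BBH", 0, 6, len(pkt) - ihl)

def rewrite_ipv4_tcp(pkt: bytes, new_src=None, new_dst=None) -> bytes:
    """Copy of an IPv4/TCP packet with addresses replaced and both checksums redone."""
    pkt = bytearray(pkt)
    ihl = (pkt[0] & 0x0F) * 4
    if new_src:
        pkt[12:16] = ipaddress.IPv4Address(new_src).packed
    if new_dst:
        pkt[16:20] = ipaddress.IPv4Address(new_dst).packed
    pkt[10:12] = b"\x00\x00"                     # IP checksum: zero, then sum the header
    pkt[10:12] = struct.pack("!H", checksum(bytes(pkt[:ihl])))
    pkt[ihl + 16:ihl + 18] = b"\x00\x00"         # TCP checksum covers the pseudo-header,
    pkt[ihl + 16:ihl + 18] = struct.pack(        # so it changes whenever an address does
        "!H", checksum(_pseudo_header(pkt, ihl) + bytes(pkt[ihl:])))
    return bytes(pkt)

def checksums_valid(pkt: bytes) -> bool:
    ihl = (pkt[0] & 0x0F) * 4
    return checksum(pkt[:ihl]) == 0 and checksum(_pseudo_header(pkt, ihl) + pkt[ihl:]) == 0

def build_tcp(src, dst, sport, dport, flags, seq=0, ack=0) -> bytes:
    """Constructed test packet: minimal 20-byte IPv4 header + 20-byte TCP header."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return rewrite_ipv4_tcp(ip + tcp)            # fills in both checksums

def is_stack_reset(pkt: bytes, nat_ip: str) -> bool:
    """The symptom in the question: a RST leaving from the NAT host's own address,
    i.e. its TCP stack answering a SYN+ACK that no local socket owns."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[12:16] == ipaddress.IPv4Address(nat_ip).packed and bool(pkt[ihl + 13] & RST)
```

Forgetting the TCP recomputation is a common NAT bug: the IP checksum only covers the header, but the TCP checksum includes the addresses through the pseudo-header, so the peer silently drops the segment.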
According to the TCP specification, a RST is always sent when an ACK (or SYN+ACK) is received on a port which is not bound to any process. This is done to ensure that node crashes can be reliably detected.
In your case, it is the TCP/IP implementation in Windows Server 2003 that generates the RST packet. You should either prevent the ACK from reaching the TCP layer or block the RST from reaching the wire. You could try doing this in several ways: