(E-Mail Removed) wrote:
> Hi,
>
> how come some stateful firewalls (e.g. iptables) and some NATs
> are able to keep track of "fake sessions" for UDP traffic?
>
> For example, I've got:
>
> - NAT at 10.0.0.1
> - client A at 10.0.0.2
> - client B at 10.0.0.3
>
> Both client A and B contact a single server, on the same port,
> by UDP.
>
> Now when the server answers, how come the NAT can dispatch to
> either A or B?
>
> What would happen if the client-side socket for A was, say,
> 10.0.0.2:33231
> and the client-side socket for B was, say, 10.0.0.3:33231 and they
> were both to communicate with a single UDP server (on the same port)?

TCP and UDP state is tracked fully by all info on both endpoints of a
connection:
Source IP, Source port, Destination IP, Destination port.
As long as each combination is unique, the state is unique.
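
Added example, not part of the original posts: a toy UDP NAT table keyed on the 4-tuple named in the reply, run against the question's two clients that both use source port 33231. It goes one step beyond the reply by showing the source-port rewrite a port-translating NAT needs when both clients would otherwise share one outside 4-tuple. The outside address 203.0.113.1, the server 198.51.100.7:5000, the 30-second idle timeout and the `UdpNat` class are assumptions made for the illustration.

```python
# Added illustration, not code from the thread. Only 10.0.0.2, 10.0.0.3 and
# port 33231 come from the post; every other value is constructed.
NAT_PUBLIC_IP = "203.0.113.1"  # assumed outside address of the NAT
UDP_TIMEOUT = 30.0             # assumed idle timeout, in seconds

class UdpNat:
    def __init__(self, public_ip=NAT_PUBLIC_IP, timeout=UDP_TIMEOUT):
        self.public_ip, self.timeout = public_ip, timeout
        self.out = {}   # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.back = {}  # reply 4-tuple -> (client_ip, client_port, last_seen)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Translate a client packet; return the 4-tuple the server sees."""
        key = (src_ip, src_port, dst_ip, dst_port)
        port = self.out.get(key)
        if port is None:
            port = src_port  # keep the client's port when the tuple is free
            while (dst_ip, dst_port, self.public_ip, port) in self.back:
                port = port + 1 if port < 65535 else 1024  # collision: remap
            self.out[key] = port
        self.back[(dst_ip, dst_port, self.public_ip, port)] = (src_ip, src_port, now)
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Map a reply to its client, or None when no live state matches."""
        key = (src_ip, src_port, dst_ip, dst_port)
        entry = self.back.get(key)
        if entry is None:
            return None  # unsolicited: no outbound packet created this state
        client_ip, client_port, last_seen = entry
        if now - last_seen > self.timeout:
            del self.back[key]  # idle too long: the "session" is forgotten
            del self.out[(client_ip, client_port, src_ip, src_port)]
            return None
        self.back[key] = (client_ip, client_port, now)  # traffic refreshes timer
        return (client_ip, client_port)

if __name__ == "__main__":
    nat, server = UdpNat(), ("198.51.100.7", 5000)  # constructed server
    print(nat.outbound("10.0.0.2", 33231, *server, now=0))  # client A
    print(nat.outbound("10.0.0.3", 33231, *server, now=0))  # client B
    print(nat.inbound(*server, NAT_PUBLIC_IP, 33231, now=1))
    print(nat.inbound(*server, NAT_PUBLIC_IP, 33232, now=1))
    print(nat.inbound("198.51.100.9", 5000, NAT_PUBLIC_IP, 33231, now=1))
```

Because UDP has no handshake or teardown, the "session" here is only the table entry plus its idle timer, and a reply from any source that does not match a stored 4-tuple is dropped.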