Originally posted by ButchDeal
Breaking down your sentence, I gather the following info:
"Static addresses work as it does its own arp table updates"; true, the arp table on the router can get updates from the DHCP leases or by just picking up the broadcast arp messages from an unknown client (which a static IP client would be until its first traffic to the gateway).
"and all the traffic is outbound,"; using NAT without any port forwarding or DMZ enabled, this is a requirement, though it should be "all traffic should be *originated* from the internal subnet", but once a TCP connection is made, or once a UDP packet is sent to a remote host then inbound traffic can commence.
"The arp table updates are broadcast and the router updates its NAT table based on them."; the first part is correct, but NAT tables aren't updated by arp broadcasts. These get updated once a non-local subnet packet is received from an internal IP address. There's no need to update the NAT table until a packet from an internal host is sent to the gateway to be routed to an external host, and at that point it will cache the MAC/IP of the internal host so it knows where to send the response from the remote host.
I guess the point is... routers may not intentionally block internally generated traffic from static hosts, but some might just because their firmware is crap. I'll agree with that.
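As an added illustration of the point made above about ARP versus NAT state (constructed example code, not from the forum thread or any router firmware; the subnet, addresses, MACs and port numbers are made up), the model below keeps the two tables separate: ARP broadcasts only fill the MAC cache, the first outbound non-local packet creates the NAT entry, and inbound packets are delivered only when they match one.

```python
from dataclasses import dataclass, field
import ipaddress


@dataclass
class NatRouter:
    """Toy model of a consumer NAT router's two tables (constructed example)."""
    lan: ipaddress.IPv4Network                 # internal subnet behind NAT
    arp: dict = field(default_factory=dict)    # internal IP -> MAC (ARP cache)
    nat: dict = field(default_factory=dict)    # WAN port -> (int_ip, int_port, rem_ip, rem_port)
    next_port: int = 40000                     # next free WAN-side source port

    def on_arp_broadcast(self, ip: str, mac: str) -> None:
        # An ARP broadcast (e.g. a static host's first request for the gateway)
        # only teaches the router the host's MAC; it creates no NAT state.
        self.arp[ip] = mac

    def outbound(self, src_ip, src_port, src_mac, dst_ip, dst_port):
        # First packet from a LAN host to a non-local destination creates
        # (or reuses) the NAT entry; local-subnet traffic is never translated.
        if ipaddress.ip_address(src_ip) not in self.lan:
            return None                        # not ours; nothing to translate
        if ipaddress.ip_address(dst_ip) in self.lan:
            return None                        # LAN-to-LAN: switched, not NATed
        self.arp.setdefault(src_ip, src_mac)   # learn MAC from the frame itself
        key = (src_ip, src_port, dst_ip, dst_port)
        for wan_port, entry in self.nat.items():
            if entry == key:
                return wan_port                # existing connection
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.nat[wan_port] = key
        return wan_port

    def inbound(self, rem_ip, rem_port, wan_port):
        # A packet from the Internet is delivered only if it matches an entry
        # created by earlier outbound traffic; anything else is dropped.
        entry = self.nat.get(wan_port)
        if entry is None or entry[2:] != (rem_ip, rem_port):
            return None
        int_ip, int_port = entry[:2]
        return int_ip, int_port, self.arp.get(int_ip)   # MAC to frame the reply
```

A host with a static address that never went through DHCP still gets a NAT entry the moment it sends its first outbound packet, because the router learns its MAC from that frame rather than from a lease.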