Re[2]: icmp problem

From: BigBrother-{BigB3} (bigbrother_at_bonbon.net)
Date: 05/13/05

  • Next message: Danil V. Gerun: "Re[3]: icmp problem"
    Date: Fri, 13 May 2005 09:33:08 +0300 (EEST)
    
    

    On Fri, 13 May 2005, Danil V. Gerun wrote:

    >
    > AW> I would guess, that ICMP packets do not have a port number (just a
    > AW> request/response id), so that the NAT cannot distinguish multiple
    > AW> ICMP packet sources (I mean: The response from the ICMP requestee
    > AW> cannot be mapped back to the appropriate ICMP requester).
    >
    > AW> Hmm... I just think, that (if you have multiple ICMP requestees)
    > AW> the NAT could be able to map back the ICMP requester IP by the IP
    > AW> of the ICMP requestee. But I do not know, how your router works...
    >
    > AW> Maybe your computer-pool could elect an ICMP-master, who
    > AW> coordinates all the ICMP traffic through the NAT.
    >
    > AW> Bye
    > AW> Arne
    >
    >

    In my NATed (ipfw+natd) LAN EVERY internal host (192.168.XX) can ping
    any external host simultaneously, and ALL get their proper ICMP
    replies.

    If you have a straightforward setup you won't have any problems. Just try a
    simple test... Run ipfw with one divert rule only, and the "natd"
    application, and see what happens if you ping.

    I think that you are using some limiters in your ipfw rules.

    Rgz,

    BB

    ---
    Dreams have no limits!
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
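
As an added illustration (not part of the original thread, and not natd's own code): a sketch of how a NAPT-style translator can tell ICMP echo replies apart by rewriting the echo identifier the way it would rewrite a port, as RFC 3022 describes for ICMP queries. The class name, alias numbering and addresses are assumptions made for the example.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """Build an ICMP echo request (type 8) or echo reply (type 0)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

class IcmpNat:
    """Toy NAPT table for ICMP echo, keyed on the query identifier (hypothetical)."""
    def __init__(self):
        self.out = {}    # (inside_ip, inside_id, remote_ip) -> alias_id
        self.back = {}   # (remote_ip, alias_id) -> (inside_ip, inside_id)
        self.next_id = 0x4000  # constructed starting value for alias identifiers

    def outbound(self, inside_ip, remote_ip, pkt):
        t, _, _, ident, seq = struct.unpack("!BBHHH", pkt[:8])
        key = (inside_ip, ident, remote_ip)
        if key not in self.out:
            self.out[key] = self.next_id
            self.back[(remote_ip, self.next_id)] = (inside_ip, ident)
            self.next_id += 1
        # Rewrite the identifier and recompute the ICMP checksum.
        return build_echo(t, self.out[key], seq, pkt[8:])

    def inbound(self, remote_ip, pkt):
        t, _, _, ident, seq = struct.unpack("!BBHHH", pkt[:8])
        entry = self.back.get((remote_ip, ident))
        if entry is None:
            return None  # no mapping for this reply: nothing to deliver it to
        inside_ip, inside_id = entry
        return inside_ip, build_echo(t, inside_id, seq, pkt[8:])

def demo():
    nat, remote = IcmpNat(), "198.51.100.7"  # constructed documentation address
    # Two inside hosts ping the same remote host with the SAME identifier.
    a = nat.outbound("192.168.0.10", remote, build_echo(8, 0x1234, 1))
    b = nat.outbound("192.168.0.11", remote, build_echo(8, 0x1234, 1))
    ids = [struct.unpack("!H", p[4:6])[0] for p in (a, b)]
    # The remote host echoes identifier and sequence number back unchanged.
    replies = [nat.inbound(remote, build_echo(0, i, 1)) for i in ids]
    return ids, replies
```
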
    
