From: BigBrother-{BigB3}
Cc: freebsd-security@freebsd.org
Date: Fri, 13 May 2005 19:43:21 +0300 (EEST)
Subject: Re[3]: icmp problem

On Fri, 13 May 2005, Danil V. Gerun wrote:

> BB> In my NATED (ipfw+natd) lan EVERY internal host (192.168.XX) can ping
> BB> simultaneously any external host and ALL getting their proper ICMP
> BB> replies.
>
> Well, I didn't configure "ICMP NAT" for my LAN, but I'm just
> wondering: what if _some_ internal hosts start pinging one external
> host? Is each of them going to receive all the icmp replies?..

As I told you, if _some_ internal hosts start pinging one external host,
everyone gets their proper answer. They are not going to receive all the
icmp replies. Everyone receives his reply.

Use natd -v to figure it out.

Here is a snip:

Out [ICMP] [ICMP] 192.168.???.130 -> 192.108.???.43 8(0) aliased to
           [ICMP] 193.92.???.26 -> 192.108.???.43 8(0)
In  [ICMP] [ICMP] 192.108.???.43 -> 193.92.???.26 0(0) aliased to
           [ICMP] 192.108.???.43 -> 192.168.???.130 0(0)

Make some experiments with natd -v and you will understand this.

---
Dreams have no limits!
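
Added example, not part of the original message and not natd's own code: a simplified Python model of how a NAT gateway can keep echo replies apart when several internal hosts ping the same external host, assuming it rewrites the ICMP echo identifier per flow the way it rewrites TCP/UDP ports. The names `Icmp`, `Nat` and `ping_through` are hypothetical, and the model always assigns a fresh alias identifier rather than reproducing any real allocation policy.

```python
"""Toy model of ICMP echo aliasing in a NAT gateway (illustration only)."""
from dataclasses import dataclass, field
from itertools import count

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP types, as in the 8(0) / 0(0) log fields


@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    icmp_type: int
    ident: int      # ICMP echo identifier, chosen by the pinging host


@dataclass
class Nat:
    public_ip: str
    _next_id: count = field(default_factory=lambda: count(0x8000))
    _out: dict = field(default_factory=dict)  # (inside ip, remote, inside id) -> alias id
    _in: dict = field(default_factory=dict)   # (remote, alias id) -> (inside ip, inside id)

    def outbound(self, p: Icmp) -> Icmp:
        """Alias an echo request leaving the LAN."""
        key = (p.src, p.dst, p.ident)
        if key not in self._out:
            alias = next(self._next_id)          # unique per flow (assumed policy)
            self._out[key] = alias
            self._in[(p.dst, alias)] = (p.src, p.ident)
        return Icmp(self.public_ip, p.dst, p.icmp_type, self._out[key])

    def inbound(self, p: Icmp):
        """De-alias an echo reply; None means no matching request was seen."""
        if p.icmp_type != ECHO_REPLY or p.dst != self.public_ip:
            return None
        hit = self._in.get((p.src, p.ident))
        if hit is None:
            return None                          # unsolicited reply: not forwarded
        inside_ip, inside_id = hit
        return Icmp(p.src, inside_ip, p.icmp_type, inside_id)


def ping_through(nat: Nat, inside_ip: str, remote: str, ident: int):
    """Send one echo request through the NAT; return (wire packet, delivered reply)."""
    wire = nat.outbound(Icmp(inside_ip, remote, ECHO_REQUEST, ident))
    reply = Icmp(remote, nat.public_ip, ECHO_REPLY, wire.ident)  # remote echoes the id
    return wire, nat.inbound(reply)
```

Calling `ping_through` for two internal hosts that use the same identifier toward the same remote address shows both requests leaving from the public address with different identifiers, and each reply delivered only to the host that sent the matching request.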