Date: Wed, 30 Aug 2000 11:48:19 +0900
From: horio shoichi <horio@acm.org>
To: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipnat and icmp (II)
Message-ID: <200008300251.e7U2p1D32186@ogyo.pointer-software.com>
References: <Pine.BSF.4.21.0008281208020.560-100000@libertad.univalle.edu.co>

Buliwyf McGraw wrote:
>
> What I want to know is what rule I need to use in Server B, if I want to
> do a traceroute/ping from 192.168.1.5 to www.hotmail.com. I don't care if
> the answer for the request comes from server B; what I want is to know if
> some server on the Internet is alive.
> Can I do this with ipf/ipnat?
>
> I tried something crazy, like:
>
> map ed0 192.168.0.0/16 -> 240.1.0.0/24 portmap icmp 10000:20000
>
> Obviously, it doesn't work :/
>
> I'm looking for instructions about it, but the examples I saw always
> talk about NAT for tcp/udp, never icmp. Is it possible?

Exactly what I encountered the first day of ipnat. Assuming your tcp/udp
rule is:

    map ed0 192.168.0.0/16 -> 210.1.0.0/24 portmap tcp/udp 10000:20000

you need the following line after the rule:

    map ed0 192.168.0.0/16 -> 210.1.0.0/24

the likely reason for which is that, since icmp can't be NATed by the first
rule, it must be translated by the other rule.

HTH,
horio shoichi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message