From owner-freebsd-security@FreeBSD.ORG Wed May 11 20:57:27 2005
Message-ID: <20050511205723.48284.qmail@web41210.mail.yahoo.com>
Date: Wed, 11 May 2005 13:57:23 -0700 (PDT)
From: Arne "Wörner"
To: george roman, freebsd-security@freebsd.org
In-Reply-To: 6667
Subject: Re: icmp problem
List-Id: Security issues [members-only posting]

--- george roman wrote:
> hi i have a problem with my icmp, i have a router that
> performs nat. i cannot ping internet hosts from
> more than one station situated behind NAT at once. if
> i want to ping from another station i have to stop the
> ping that was initiated from the first host, and after
> a few seconds i can ping from another station. i've
> checked the firewall and i have no ipfw rules that could
> stop icmp traffic. where should i continue my search
> and what can i do to resolve this problem? i really
> have to get ping working from more than one station at
> once.
>

Hi!

I would guess that ICMP packets do not have a port number (just a request/response id), so that the NAT cannot distinguish multiple ICMP packet sources (I mean: the response from the ICMP requestee cannot be mapped back to the appropriate ICMP requester).

Hmm... I just think that (if you have multiple ICMP requestees) the NAT could be able to map back the ICMP requester IP by the IP of the ICMP requestee. But I do not know how your router works...

Maybe your computer-pool could elect an ICMP-master, who coordinates all the ICMP traffic through the NAT.

Bye
Arne
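
Added example, not part of the original message and not code from any FreeBSD NAT implementation: the request/response id mentioned in the reply is the field that NAPT, as described in RFC 3022, translates in place of a port number for ICMP queries. The Python model below shows such a table keeping two inside hosts apart even when both use the same identifier; the class name, addresses and identifier values are constructed for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a whole ICMP message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload=b"ping"):
    """Echo request (type 8) or reply (type 0) with a valid checksum."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

class IcmpNapt:
    """Hypothetical translation table keyed on the echo identifier."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out = {}    # (inside_ip, inside_id, remote_ip) -> public_id
        self.back = {}   # (public_id, remote_ip) -> (inside_ip, inside_id)
        self.next_id = 0x4000  # constructed start; expiry and wraparound omitted

    def outbound(self, inside_ip, remote_ip, pkt):
        _type, _code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
        key = (inside_ip, ident, remote_ip)
        if key not in self.out:
            self.out[key] = self.next_id
            self.back[(self.next_id, remote_ip)] = (inside_ip, ident)
            self.next_id += 1
        # The identifier is rewritten, so the checksum is recomputed too.
        return self.public_ip, build_echo(8, self.out[key], seq, pkt[8:])

    def inbound(self, remote_ip, pkt):
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
        hit = self.back.get((ident, remote_ip))
        if icmp_type != 0 or hit is None:
            return None  # no matching request was seen: drop
        inside_ip, inside_id = hit
        return inside_ip, build_echo(0, inside_id, seq, pkt[8:])

def demo():
    """Constructed case: two inside hosts ping one remote with the same id."""
    nat, remote = IcmpNapt("203.0.113.1"), "198.51.100.7"
    out = [nat.outbound(ip, remote, build_echo(8, 0x1234, 1))[1]
           for ip in ("192.168.0.10", "192.168.0.11")]
    # The remote echoes back whatever identifier it saw on the wire.
    replies = [build_echo(0, int.from_bytes(p[4:6], "big"), 1) for p in out]
    return [nat.inbound(remote, r) for r in replies]
```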