From owner-freebsd-security Mon Aug 28 10:58:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [216.6.69.11])
	by hub.freebsd.org (Postfix) with ESMTP id 5999B37B423
	for ; Mon, 28 Aug 2000 10:56:41 -0700 (PDT)
Received: from localhost (buliwyf@localhost)
	by libertad.univalle.edu.co (8.10.0/8.10.0) with ESMTP id e7SHN9801362
	for ; Mon, 28 Aug 2000 12:23:16 -0500 (COT)
Date: Mon, 28 Aug 2000 12:23:09 -0500 (COT)
From: Buliwyf McGraw
To: freebsd-security@FreeBSD.ORG
Subject: Re: ipnat and icmp (II)
In-Reply-To: <39A9E05B.D3248245@softweyr.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Question: Can i do masquerade for icmp packets using ipf/ipnat???
> >
> > For example:
> >        A                           B
> >        _                           _
> >       |_|     Ping Request        |_|
> >       ---     for hotmail         ---  --> Internet
> >               --- -->             ---
> >   192.168.1.5                   Real IP
> >                              Using ipf/ipnat
> >  |_________________________________________|
> >    My Intranet, where the server B
> >    do ip masquerade for all the subnet
> >    192.168.1.0
>
> If you mean "does ipf/ipnat translate ICMP packets properly?" the answer is
> yes.

What I want to know is what rule I need to use in Server B if I want to do
a traceroute/ping from 192.168.1.5 to www.hotmail.com. I don't care if the
answer for the request comes from server B; what I want is to know if some
server on the Internet is alive.
Can I do this with ipf/ipnat?

I tried something crazy, like:

    map ed0 192.168.0.0/16 -> 240.1.0.0/24 portmap icmp 10000:20000

Obviously, it doesn't work :/

I'm looking for instructions about it, but the examples I saw always talk
about NAT for tcp/udp, never icmp.
Is it possible?

Thanks for any help.