Date:      Fri, 13 May 2005 09:33:08 +0300 (EEST)
From:      BigBrother-{BigB3} <bigbrother@bonbon.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re[2]: icmp problem
Message-ID:  <20050513092907.J73276@bigb3server.bbcluster.gr>
In-Reply-To: <1682287017.20050513100245@625.ru>
References:  6667 <20050511205723.48284.qmail@web41210.mail.yahoo.com> <1682287017.20050513100245@625.ru>


On Fri, 13 May 2005, Danil V. Gerun wrote:

>
> AW> I would guess, that ICMP packets do not have a port number (just a
> AW> request/response id), so that the NAT cannot distinguish multiple
> AW> ICMP packet sources (I mean: The response from the ICMP requestee
> AW> cannot be mapped back to the appropriate ICMP requester).
>
> AW> Hmm... I just think, that (if you have multiple ICMP requestees)
> AW> the NAT could be able to map back the ICMP requester IP by the IP
> AW> of the ICMP requestee. But I do not know, how your router works...
>
> AW> Maybe your computer-pool could elect an ICMP-master, who
> AW> coordinates all the ICMP traffic through the NAT.
>
> AW> Bye
> AW> Arne
>
>


In my NATed (ipfw+natd) LAN, EVERY internal host (192.168.XX) can ping
any external host simultaneously, and ALL get their proper ICMP
replies.

If you have a straightforward setup, you won't have any problems. Just try a
simple test... Run ipfw with one divert rule only, and the "natd"
application, and see what happens if you ping.

I think that you are using some limiters in your ipfw rules.


Rgz,

BB




---
Dreams have no limits!
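
The point debated in this thread, as an added illustration (not code from the thread and not natd's implementation): ICMP echo has no port, but its 16-bit identifier can serve as the NAT lookup key, so replies can be mapped back even when several inside hosts ping the same target. The `IcmpNat` class, the helper names and all addresses are constructed for this simplified model.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """Build an ICMP echo request (type 8) or echo reply (type 0)."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    return struct.pack("!BBHHH", icmp_type, 0, checksum(body), ident, seq) + payload

class IcmpNat:
    """Toy NAT: the echo identifier plays the role a port plays for TCP/UDP."""
    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.table = {}        # (remote_ip, alias_id) -> (inside_ip, original_id)
        self.next_id = 0x8000  # where replacement identifiers are allocated from

    def outbound(self, inside_ip, remote_ip, msg):
        icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", msg[:8])
        want, alias = (inside_ip, ident), ident
        # If another inside host already uses this id towards the same remote,
        # pick a fresh alias id so the reply stays unambiguous.
        while self.table.get((remote_ip, alias), want) != want:
            alias, self.next_id = self.next_id, (self.next_id + 1) & 0xFFFF
        self.table[(remote_ip, alias)] = want
        return self.public_ip, echo(icmp_type, alias, seq, msg[8:])

    def inbound(self, remote_ip, msg):
        icmp_type, _, _, alias, seq = struct.unpack("!BBHHH", msg[:8])
        entry = self.table.get((remote_ip, alias))
        if entry is None:
            return None        # no mapping: unsolicited reply is dropped
        inside_ip, ident = entry
        return inside_ip, echo(icmp_type, ident, seq, msg[8:])

def demo():
    """Constructed case: two inside hosts ping one remote with the SAME id."""
    nat, remote = IcmpNat("203.0.113.1"), "198.51.100.7"
    _, out_a = nat.outbound("192.168.0.10", remote, echo(8, 0x1234, 1))
    _, out_b = nat.outbound("192.168.0.11", remote, echo(8, 0x1234, 1))
    id_a, id_b = (struct.unpack("!H", m[4:6])[0] for m in (out_a, out_b))
    back_a = nat.inbound(remote, echo(0, id_a, 1))
    back_b = nat.inbound(remote, echo(0, id_b, 1))
    return id_a, id_b, back_a, back_b

if __name__ == "__main__":
    print(demo())
```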


