Re[2]: icmp problem

Board: FB_security, posted 2005/05/13 21:05 (20 years ago)
0 comments, 0 participants, thread 2/4
On Fri, 13 May 2005, Danil V. Gerun wrote:
>
> AW> I would guess, that ICMP packets do not have a port number (just a
> AW> request/response id), so that the NAT cannot distinguish multiple
> AW> ICMP packet sources (I mean: The response from the ICMP requestee
> AW> cannot be mapped back to the appropriate ICMP requester).
>
> AW> Hmm... I just think, that (if you have multiple ICMP requestees)
> AW> the NAT could be able to map back the ICMP requester IP by the IP
> AW> of the ICMP requestee. But I do not know, how your router works...
>
> AW> Maybe your computer-pool could elect an ICMP-master, who
> AW> coordinates all the ICMP traffic through the NAT.
>
> AW> Bye
> AW> Arne
>
>

In my NATED (ipfw+natd) lan EVERY internal host (192.168.XX) can ping simultaneously any external host and ALL getting their proper ICMP replies. If you have a straightforward setup you won't have any problems. Just try a simple test... Run ipfw with one divert rule only, and the "natd" application and see what happens if you ping. I think that you are using some limiters in your ipfw rules.

Rgz,
BB

---
Dreams have no limits!

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
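
The exchange above turns on whether a NAT can tell ICMP echo flows apart without port numbers. The following is an added example, not part of the thread and not natd's own code: a simplified Python model of one way a NAT can treat the echo identifier like a port, rewriting it on the way out and restoring it on the reply. The class name, IP addresses and starting alias value are constructed for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_ident(msg: bytes, ident: int) -> bytes:
    """Rewrite the echo identifier (bytes 4-5) and recompute the checksum."""
    body = msg[:2] + b"\x00\x00" + struct.pack("!H", ident) + msg[6:]
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """Build an ICMP echo request (type 8) or echo reply (type 0)."""
    return set_ident(struct.pack("!BBHHH", icmp_type, 0, 0, 0, seq) + payload, ident)

class IcmpNat:
    """Toy echo-only NAT state: the identifier plays the role of a port."""
    def __init__(self):
        self.out = {}    # (inside_ip, inside_id, remote_ip) -> alias_id
        self.back = {}   # (remote_ip, alias_id) -> (inside_ip, inside_id)
        self.next_id = 0x4000   # constructed starting alias value

    def outbound(self, inside_ip, remote_ip, msg):
        inside_id = int.from_bytes(msg[4:6], "big")
        key = (inside_ip, inside_id, remote_ip)
        if key not in self.out:           # first packet of this echo flow
            self.out[key] = self.next_id
            self.back[(remote_ip, self.next_id)] = (inside_ip, inside_id)
            self.next_id += 1
        return set_ident(msg, self.out[key])

    def inbound(self, remote_ip, msg):
        hit = self.back.get((remote_ip, int.from_bytes(msg[4:6], "big")))
        if hit is None:
            return None                   # no matching state: drop the reply
        inside_ip, inside_id = hit
        return inside_ip, set_ident(msg, inside_id)

def demo():
    """Two inside hosts use the same identifier toward one remote host."""
    nat, remote = IcmpNat(), "203.0.113.7"
    sent = [nat.outbound(ip, remote, echo(8, 0x1234, 1)) for ip in ("192.168.0.10", "192.168.0.11")]
    replies = [echo(0, int.from_bytes(m[4:6], "big"), 1) for m in sent]
    return [nat.inbound(remote, r)[0] for r in replies]
```

Because each outbound flow gets its own alias identifier, both replies from the same remote host are delivered to the correct inside address even though the two hosts chose the same identifier.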
Article ID (AID): #12XAOg00 (FB_security)