[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: NAT and ICMP_ECHO/ECHO_REPLY
From:       Xiaodan Tang <xtang () qnx ! com>
Date:       1999-10-27 14:31:12
[Download RAW message or body]

Previously, you (Lance -) wrote on Wed, 27 Oct 1999 09:20:51 CDT:
> What code are you running?
> 
> Currently it is working pinging two different destinations with two 
> different computers.
> 
> Also what are your rules?

I am running 3.3.1, and my rules is as simple as:

	map ppp0 10.0.0.0/8 -> 209.xx.xx.xx/32 portmap tcp/udp 20000:40000
	map ppp0 10.0.0.0/8 -> 209.xx.xx.xx/32

The case I faild is:

	from 10.0.0.1 do a "ping www.yahoo.com"

at the same time:

	from 10.0.0.2 do a "ping www.yahoo.com"

Are you saying this is working for you? 

Yes if 10.1/10.2 ping to different machine I agree it will work. 

-Xiaodan

> Lance
> 
> >
> >OK, I know there isn't enough informations in ICMP_ECHO/ECHO_REPLY
> >packet for NAT to generate mapping entry, so 2 machines inside of
> >NAT gateway, can't ping to outside world "at same time".
> >
> >What I am thinking is, given the face that most TCPIP implement
> >do not check the datas transfered by ICMP_ECHO/ECHO_REPLY, Can
> >we "append" orignal sender's IP in the ICMP_ECHO data area? While
> >it comeback, we took that IP and map it back...
> >
> >It sounds doable, not sure if there is a hole here. Any suggestion?
> >
> >Xiaodan Tang
> >QNX Software Systems Ltd.
> >
> 
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com

[prev in list] [next in list] [prev in thread] [next in thread]