[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: UVM, UBC, and PF criticisms in comp.unix.solaris
From:       Marc Espie <espie () schutzenberger ! liafa ! jussieu ! fr>
Date:       2002-01-02 7:44:37
[Download RAW message or body]

On Wed, Jan 02, 2002 at 03:44:44PM +1100, Darren Reed wrote:
> For starters, if you have two hosts, inside, which both want to ping
> the same external host, at exactly the same time, what do you do when
> you get 1 reply back instead of 2?  Does the firewall get heavy and
> put its own data in the data part of the ICMP payload?  What if the
> user is sending 0 bytes data?  You can't exactly just add more because
> that has an effect on the measurement, however small or big.

It's already great having firewalls/NAT configured to let pings and
similar things through. I've often had to deal with sysadmins who configure
their network to not let anything through.

> The only answer is to say that NAT is evil.

Well, of course it is.  But then, convincing everyone to switch to IPv6
is a tall order. Maybe this will change in a few years time.

[prev in list] [next in list] [prev in thread] [next in thread]