icmp problem
Arne Wörner
arne_woerner at yahoo.com
Wed May 11 13:57:28 PDT 2005
--- george roman <thewolfro at yahoo.com> wrote:
> hi i have a problem with my icmp, i have a router that
> performs nat. i cannot ping to internet hosts from
> more than one stations situated behind NAT at once. if
> i want to ping from another station i have to stop the
> ping that was initiated from the first host, and after
> a few seconds i can ping from another station.i've
> checked firewll and i have no ipfw rules that could
> stop icmp traffic. where should i continue my search
> and what can i do to resolv this problem. i really
> have to get ping wrking from more than one stations at
> once.
>
Hi!
I would guess, that ICMP packets do not have a port number (just a
request/response id), so that the NAT cannot distinguish multiple
ICMP packet sources (I mean: The response from the ICMP requestee
cannot be mapped back to the appropriate ICMP requester).
Hmm... I just think, that (if you have multiple ICMP requestees)
the NAT could be able to map back the ICMP requester IP by the IP
of the ICMP requestee. But I do not know, how your router works...
Maybe your computer-pool could elect an ICMP-master, who
coordinates all the ICMP traffic through the NAT.
Bye
Arne
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail
More information about the freebsd-security
mailing list