
   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   


   Message 13,169 of 14,669   
   Barry Margolin to David Schwartz   
   Re: Ping through firewall   
   11 Nov 09 19:36:35   
   
   From: barmar@alum.mit.edu   
      
   In article   
   <237b0d1c-3675-4af5-a03f-b36861094329@x25g2000prf.googlegroups.com>,   
    David Schwartz  wrote:   
      
   > On Nov 11, 6:07 am, Barry Margolin  wrote:   
   >   
   > > It should only pass packets that match NAT table entries, which are   
   > > created when you send outgoing packets.  So it should only pass ping   
   > > replies in response to ping requests to that IP.   
   >   
   > We're not talking about passing ping replies. We're talking about   
      
   I know.   
      
   > passing inbound pings. If the inbound ping matches a NAT table entry,   
   > the NAT device should pass it. (Again, unless it's specifically   
   > configured as a firewall.)   
      
   But since NAT table entries get created as a result of outgoing packets,   
   how could it match one?   
      
   Maybe you meant to say port forwarding entry.  On my Linksys router,   
   port forwarding can only be configured for TCP and UDP; you need a   
   protocol with ports.  I expect this is typical of home routers.   
      
   Or maybe you're thinking of static NAT, which you can configure on   
   enterprise routers like Cisco and Juniper.  This is essentially what   
   home routers call port forwarding, although they are more elaborate: you   
   can have multiple outside addresses and forward based on which outside   
   address was used; you can use an access list to determine which NAT   
   entry matches based on a number of criteria (which would allow you to   
   forward ICMP packets).   
      
   > And, of course, it may also pass them into devices configured into a   
   > DMZ.   
      
   Of course.  But he already said he didn't have a DMZ configured.   
      
   --   
   Barry Margolin, barmar@alum.mit.edu   
   Arlington, MA   
   *** PLEASE don't copy me on replies, I'll read them in the group ***   
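
Added example, not part of the original post: a toy Python model of the behaviour discussed in the message above, where dynamic NAT entries exist only because of outgoing packets and a hand-configured static mapping is what lets an inbound ping through. The class `Nat`, its methods and all addresses are constructed for illustration; a real NAT device may also rewrite the ICMP identifier, which this model leaves unchanged.

```python
from dataclasses import dataclass, field

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP types from RFC 792


@dataclass
class Nat:
    """Toy translation table; all names and addresses here are constructed."""
    dynamic: dict = field(default_factory=dict)  # (remote_ip, icmp_id) -> inside host
    static: dict = field(default_factory=dict)   # outside_ip -> inside host

    def outbound_echo(self, inside_ip, remote_ip, icmp_id):
        # Only traffic leaving the inside network creates a dynamic entry.
        self.dynamic[(remote_ip, icmp_id)] = inside_ip

    def inbound_icmp(self, src_ip, dst_ip, icmp_type, icmp_id):
        """Return the inside host the packet is forwarded to, or None."""
        # A dynamic entry can only be matched by the reply to our own request.
        if icmp_type == ECHO_REPLY and (src_ip, icmp_id) in self.dynamic:
            return self.dynamic[(src_ip, icmp_id)]
        # Static NAT is configured by hand, so it also matches unsolicited packets.
        return self.static.get(dst_ip)


def demo():
    wan, peer = "203.0.113.1", "198.51.100.7"  # documentation address ranges
    nat = Nat()
    nat.outbound_echo("192.168.1.10", peer, icmp_id=0x1234)
    out = {
        "reply_to_our_ping": nat.inbound_icmp(peer, wan, ECHO_REPLY, 0x1234),
        "reply_with_other_id": nat.inbound_icmp(peer, wan, ECHO_REPLY, 0x9999),
        "inbound_ping_same_peer": nat.inbound_icmp(peer, wan, ECHO_REQUEST, 0x1234),
    }
    nat.static[wan] = "192.168.1.20"  # operator adds a static mapping
    out["inbound_ping_after_static"] = nat.inbound_icmp(peer, wan, ECHO_REQUEST, 0x1234)
    return out


if __name__ == "__main__":
    for case, host in demo().items():
        print(f"{case}: {host or 'not forwarded'}")
```
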
      
