   From: barmar@alum.mit.edu   
      
   In article   
   <94745534-49c6-4a26-8fe2-1aa1127e6556@b36g2000prf.googlegroups.com>,   
    David Schwartz wrote:   
      
   > On Nov 11, 4:36 pm, Barry Margolin wrote:   
   >   
   > > > passing inbound pings. If the inbound ping matches a NAT table entry,   
   > > > the NAT device should pass it. (Again, unless it's specifically   
   > > > configured as a firewall.)   
   >   
   > > But since NAT table entries get created as a result of outgoing packets,   
   > > how could it match one?   
   >   
   > An outgoing packet could have created the NAT entry.   
      
   NAT entries are protocol- and port-specific. If you send an outgoing   
   ICMP Echo, a NAT entry will be created that allows incoming ICMP Echo   
   Reply. I don't think there's any kind of outgoing packet that would   
   create a NAT entry that allows incoming ICMP Echo.   
      
   > There is no guarantee it won't be able to figure out how and where to   
   > forward it.   
      
   Routers don't try to "figure out" this stuff. Outgoing packets open up   
   holes for very specific return traffic.   
      
   Although NAT routers aren't full-fledged firewalls, they are still very   
   good at blocking unsolicited incoming traffic.   
      
   --   
   Barry Margolin, barmar@alum.mit.edu   
   Arlington, MA   
   *** PLEASE don't copy me on replies, I'll read them in the group ***   
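
Added example, not part of the original post: a toy model of the protocol- and identifier-specific NAT entry described above, showing that an outbound ICMP Echo admits only the matching Echo Reply. The class and function names, the addresses, and the simplified (remote address, identifier) key are assumptions for illustration; real NAT implementations may also rewrite the identifier and expire entries.

```python
from dataclasses import dataclass

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers (RFC 792)

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    icmp_type: int
    ident: int  # Echo identifier; plays the role a port plays for TCP/UDP

class ToyNat:
    """Hypothetical, simplified NAT: tracks ICMP Echo only."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}  # (remote_ip, ident) -> inside host address

    def outbound(self, pkt):
        # Only an outgoing Echo Request creates an entry.
        if pkt.icmp_type == ECHO_REQUEST:
            self.table[(pkt.dst, pkt.ident)] = pkt.src
        return Icmp(self.public_ip, pkt.dst, pkt.icmp_type, pkt.ident)

    def inbound(self, pkt):
        # Returns the translated packet, or None when the packet is dropped.
        if pkt.dst != self.public_ip or pkt.icmp_type != ECHO_REPLY:
            return None  # an incoming Echo Request never matches an entry
        inside = self.table.get((pkt.src, pkt.ident))
        if inside is None:
            return None  # reply from the wrong host or with the wrong identifier
        return Icmp(pkt.src, inside, pkt.icmp_type, pkt.ident)

def demo():
    # Constructed sample traffic using documentation address ranges.
    nat = ToyNat("203.0.113.1")
    nat.outbound(Icmp("192.168.1.10", "198.51.100.7", ECHO_REQUEST, 0x1234))
    reply = nat.inbound(Icmp("198.51.100.7", "203.0.113.1", ECHO_REPLY, 0x1234))
    ping_in = nat.inbound(Icmp("198.51.100.7", "203.0.113.1", ECHO_REQUEST, 0x1234))
    stray = nat.inbound(Icmp("198.51.100.99", "203.0.113.1", ECHO_REPLY, 0x1234))
    return reply, ping_in, stray

if __name__ == "__main__":
    for label, result in zip(("matching reply", "inbound ping", "stray reply"), demo()):
        print(label, "->", result)
```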
      