   From: barmar@alum.mit.edu   
      
   In article   
   ,   
    David Schwartz wrote:   
      
   > On Nov 11, 10:39 pm, Barry Margolin wrote:   
   >   
   > > > An outgoing packet could have created the NAT entry.   
   >   
   > > NAT entries are protocol- and port-specific. If you send an outgoing   
   > > ICMP Echo, a NAT entry will be created that allows incoming ICMP Echo   
   > > Reply. I don't think there's any kind of outgoing packet that would   
   > > create a NAT entry that allows incoming ICMP Echo.   
   >   
   > You mean some devices create protocol and port-specific NAT entries if   
   > they have to.   
      
   If they don't, two inside devices trying to communicate concurrently   
   with the same outside server will not work. The NAT entries have to be   
   able to distinguish the connections, and send the return traffic to the   
   correct inside machine.   
      
   So unless your router is really crippled, NAT entries need to be similar   
   to TCBs, using a tuple of to match packets. ICMP error packets have to be processed   
   similarly to the way a network stack would: extract the IP/port info   
   from the embedded header, get the NAT entry for that connection, and   
   forward there (after appropriate NATting).   
      
   --   
   Barry Margolin, barmar@alum.mit.edu   
   Arlington, MA   
   *** PLEASE don't copy me on replies, I'll read them in the group ***   
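
Added example, not part of the post above: a toy port-translating NAT in Python showing why entries must be protocol- and port-specific for two inside hosts to reach the same outside server, and how an ICMP error is routed by the header it quotes. The tuple layout, the names Nat and quoted_packet, and all addresses are assumptions of this example.

```python
import socket
import struct

TCP = 6  # IANA protocol number

class Nat:
    """Toy port-translating NAT; the tuple layout is this example's assumption."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}   # (proto, in_ip, in_port, remote_ip, remote_port) -> public port
        self.back = {}  # (proto, public_port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, proto, src, sport, dst, dport):
        """Translate an inside packet, creating the entry on first use."""
        key = (proto, src, sport, dst, dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (proto, self.public_ip, self.out[key], dst, dport)

    def inbound(self, proto, src, sport, dport):
        """Return the inside (ip, port) for return traffic, or None to drop."""
        return self.back.get((proto, dport, src, sport))

    def icmp_error(self, quoted):
        """quoted = bytes after the 8-byte ICMP header: the IPv4 header of the
        packet that triggered the error plus the start of its transport header."""
        if len(quoted) < 20:
            return None
        ihl = (quoted[0] & 0x0F) * 4
        if ihl < 20 or len(quoted) < ihl + 4:
            return None
        proto = quoted[9]
        src, dst = socket.inet_ntoa(quoted[12:16]), socket.inet_ntoa(quoted[16:20])
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
        if src != self.public_ip:      # quoted packet was not one we sent
            return None
        return self.back.get((proto, sport, dst, dport))

def quoted_packet(proto, src, sport, dst, dport):
    """Constructed sample: minimal IPv4 header plus 8 transport bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHI", sport, dport, 0)
```

Inbound packets and quoted headers that match no entry return None, which stands for a drop here.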
      