hi i have a problem with my icmp, i have a router that performs nat. i cannot ping to internet hosts from more than one stations situated behind NAT at once. if i want to ping from another station i have to stop the ping that was initiated from the first host, and after a few seconds i can ping from another station.i've checked firewll and i have no ipfw rules that could stop icmp traffic. where should i continue my search and what can i do to resolv this problem. i really have to get ping wrking from more than one stations at once. 10x for your help Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html
--- george roman <thewolfro@yahoo.com> wrote:> hi i have a problem with my icmp, i have a router that > performs nat. i cannot ping to internet hosts from > more than one stations situated behind NAT at once. if > i want to ping from another station i have to stop the > ping that was initiated from the first host, and after > a few seconds i can ping from another station.i've > checked firewll and i have no ipfw rules that could > stop icmp traffic. where should i continue my search > and what can i do to resolv this problem. i really > have to get ping wrking from more than one stations at > once. >Hi! I would guess, that ICMP packets do not have a port number (just a request/response id), so that the NAT cannot distinguish multiple ICMP packet sources (I mean: The response from the ICMP requestee cannot be mapped back to the appropriate ICMP requester). Hmm... I just think, that (if you have multiple ICMP requestees) the NAT could be able to map back the ICMP requester IP by the IP of the ICMP requestee. But I do not know, how your router works... Maybe your computer-pool could elect an ICMP-master, who coordinates all the ICMP traffic through the NAT. Bye Arne __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail
i think i know what my problem is for nat i didn't use divert with ipfw, instead i used /etc/ipnat.rules file where i put something like this: map fxp0 192.168.66.16/32 -> external_ip/32 for each host that should get nat-ed i will try the divert command to see what happends __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail
yesss. it works i used ipfw add divert natd all from any to any via fxp0 and it works perfectly. --- george roman <thewolfro@yahoo.com> wrote:> i think i know what my problem is > for nat i didn't use divert with ipfw, instead i > used > /etc/ipnat.rules file where i put something like > this: > > > map fxp0 192.168.66.16/32 -> external_ip/32 > > for each host that should get nat-ed > > i will try the divert command to see what happends > > > > __________________________________ > Yahoo! Mail Mobile > Take Yahoo! Mail with you! Check email on your > mobile phone. > http://mobile.yahoo.com/learn/mail > _______________________________________________ > freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security> To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" >Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html