 From:  "Roland Giesler" <roland at thegreentree dot za dot net>
 To:  "Chris Buechler" <cbuechler at gmail dot com>, monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Using multiple Ip's on WAN port (Server NAT)
 Date:  Thu, 28 Feb 2008 12:30:00 +0200
On 2/27/08, Chris Buechler <cbuechler at gmail dot com> wrote:
> On Tue, Feb 26, 2008 at 6:04 AM, Roland Giesler
>  <roland at thegreentree dot za dot net> wrote:
>  >  However, pinging the site does not,
>  >  although I have a rule that allows pings and a NAT that forwards pings
>  >  to the same server.
> You can only ping NATed hosts if using 1:1 NAT. You're opening TCP
>  port 443, which is unrelated to ICMP echoes (ping). You can't forward
>  ICMP in Server or Inbound NAT, only 1:1.

Just so I understand this better: If I have an alias in FreeBSD on a
netcard, then that card will respond to pings on both addresses (or
however many addresses I've added). Now if I have an IP on the WAN
port and allow pings to it, it will respond when I ping it. If I add
another IP address (Server NAT), then the mechanism employed to
"allow" that address is obviously not like when I add an alias, right?
How is it done though? TCP/UDP ports can be NAT'ed to another host,
but ICMP not. Could you tell me (and the list) please how this is
actually done? I know now I should be using 1:1 NAT, but I'd like to
learn what actually happens here.

thanks again

Roland Giesler
Green Tree Systems cc, Stellenbosch, South Africa
Mobile: 072-450-2817   http://www.thegreentree.za.net
