[ previous ] [ next ] [ threads ]
 
 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "Fred Wright" <fw at well dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] multiple ping problems
 Date:  Thu, 27 May 2004 20:34:09 -0700
>
> Although ICMP doesn't use "port numbers", the request and reply forms have
> a 16-bit "ID", which is conceptually more or less equivalent to the
> TCP/UDP originating port number, and should be treated as such by NAT
> (including possibly remapping it to avoid conflicts).  Any NAT
> implementation that doesn't do this is broken.
>
> ICMP *errors* have no ID, but should be demultiplexed on the basis of the
> embedded IP header from the associated *outgoing* packet.
>

Sounds like you've got a point to me, but unless the limitation on mono is
specific to mono, you are probably better off raising that issue with natd -
cause I guess everyone has the problem then eh?

Could it have something to do with setting a keepstate rule on the icmp
rules? Doing that on udp makes it remember and reverse the path for dns
query returns etc - right?

m/