>
> Although ICMP doesn't use "port numbers", the request and reply forms have
> a 16-bit "ID", which is conceptually more or less equivalent to the
> TCP/UDP originating port number, and should be treated as such by NAT
> (including possibly remapping it to avoid conflicts). Any NAT
> implementation that doesn't do this is broken.
>
> ICMP *errors* have no ID, but should be demultiplexed on the basis of the
> embedded IP header from the associated *outgoing* packet.
>
Sounds like you've got a point to me, but unless the limitation on mono is
specific to mono, you are probably better off raising that issue with natd -
'cause I guess everyone has the problem then, eh?

Could it have something to do with setting a keepstate rule on the ICMP
rules? Doing that on UDP makes it remember and reverse the path for DNS
query returns etc. - right?
m/
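
The demultiplexing described in the quoted text, as an added example that is not part of the original messages and is not natd's code: echo replies are matched on the (possibly remapped) 16-bit ID, and ICMP errors are matched on the IP and ICMP headers of the outgoing packet embedded in them. The class, the helper names and the sample addresses are hypothetical.

```python
import socket
import struct

class IcmpNat:
    """Toy NAT state table for ICMP echo traffic (hypothetical, for illustration)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.by_inside = {}     # (inside_ip, inside_id) -> public_id
        self.by_public_id = {}  # public_id -> (inside_ip, inside_id)

    def outbound_echo(self, inside_ip, inside_id):
        """Return the ID to send on the wire, remapping it if another host holds it."""
        key = (inside_ip, inside_id)
        if key not in self.by_inside:
            if len(self.by_public_id) >= 0x10000:
                raise RuntimeError("ICMP ID space exhausted")
            public_id = inside_id
            while public_id in self.by_public_id:
                public_id = (public_id + 1) & 0xFFFF
            self.by_inside[key] = public_id
            self.by_public_id[public_id] = key
        return self.by_inside[key]

    def inbound(self, icmp):
        """Map inbound ICMP bytes (after the IP header) to (inside_ip, inside_id) or None."""
        if len(icmp) < 8:
            return None
        if icmp[0] == 0:  # echo reply carries the ID at offset 4
            public_id = struct.unpack_from("!H", icmp, 4)[0]
        elif icmp[0] in (3, 4, 11, 12):  # error: use the embedded outgoing packet
            inner = icmp[8:]
            ihl = (inner[0] & 0x0F) * 4 if inner else 0
            if (ihl < 20 or len(inner) < ihl + 8 or inner[9] != 1 or inner[ihl] != 8
                    or socket.inet_ntoa(inner[12:16]) != self.public_ip):
                return None  # not an echo request this NAT sent
            public_id = struct.unpack_from("!H", inner, ihl + 4)[0]
        else:
            return None
        return self.by_public_id.get(public_id)

# Constructed sample packets (checksums left at zero for brevity).
def echo(icmp_type, ident, seq=1):
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)

def ip_header(src, dst):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def time_exceeded(outgoing_packet):
    return struct.pack("!BBHI", 11, 0, 0, 0) + outgoing_packet[:28]
```

Two inside hosts that pick the same ID get distinct IDs on the wire, and both the reply and a time-exceeded error for the second host resolve back to that host.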