Re: icmp masquerading

From: Andreas Ferber (
Date: Sat Nov 17 2001 - 00:17:11 EST


On Fri, Nov 16, 2001 at 09:41:15PM -0600, Kenneth Stephen wrote:
> My understanding of masquerading is that packets from the
> masqueraded host are remapped to a different port on the masquerading
> host and sent out. How does this work with ICMP where there are no port
> numbers in the protocol? If A is the masquerading router and B is the
> masqueraded host, how is it possible to distinguish a ping to C from A and
> a ping to C from B?

ICMP message types that have a request/reply notion (Echo, Timestamp,
Info Request and Address Request) have an ID and a Sequence Number (16
Bit each), which are used for masquerading.

Other ICMP messages include the first 8 Octets of the original IP
packet which triggered the ICMP. This is enough to identify the
corresponding masqueraded connection.


       Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG
         +49 521 1365800 - -
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to
More majordomo info at

This archive was generated by hypermail 2b29 : Fri Nov 23 2001 - 21:00:38 EST