Re: icmp masquerading

From: Andreas Ferber (aferber@techfak.uni-bielefeld.de)
Date: Sat Nov 17 2001 - 00:17:11 EST


Hi,

On Fri, Nov 16, 2001 at 09:41:15PM -0600, Kenneth Stephen wrote:
>
> My understanding of masquerading is that packets from the
> masqueraded host are remapped to a different port on the masquerading
> host and sent out. How does this work with ICMP where there are no port
> numbers in the protocol? If A is the masquerading router and B is the
> masqueraded host, how is it possible to distinguish a ping to C from A and
> a ping to C from B?

ICMP message types that have a request/reply notion (Echo, Timestamp,
Info Request and Address Request) have an ID and a Sequence Number (16
Bit each), which are used for masquerading.

Other ICMP messages include the first 8 Octets of the original IP
packet which triggered the ICMP. This is enough to identify the
corresponding masqueraded connection.

Andreas

-- 
       Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG
     ---------------------------------------------------------
         +49 521 1365800 - af@devcon.net - www.devcon.net
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



This archive was generated by hypermail 2b29 : Fri Nov 23 2001 - 21:00:38 EST