开发者

is it possible pinging through nat from outside the nat inside?

is it possible to send an echo-request to a host set behind nat after. all the echo-request doesn't hold a port for the destination host so if there are sever开发者_运维问答al hosts using the same external ip address how will the nat be able to forward the echo-request to a specific host


Most modern NAT/packet filtering implementations are stateful. That means they have a wider concept of the word connection than the older stateless variants. That allows them to handle more complex protocols that use additional connections (e.g. FTP), as well as connection-less protocols like ICMP.

In the case of ICMP packets, echo requests contain an ID field that is preserved in the reply. While its 16 bits are somewhat restrictive, it allows in conjuction with the source IP address from the IP header to have a reasonably high confidence on which echo request each reply corresponds to.

EDIT:

As for targeting specific hosts behind a NAT implementation, that is not generally possible. You might be able to:

  • Redirect all ICMP traffic to one internal host to monitor that one host only.

  • Use the "pad" data bytes of the echo request packet to provide some kind of host identifier. For example, the -p option of ping on some Linux systems allows setting that field. This is by no means standard, though.

In general, NAT is supposed to hide the hosts behind it from the world, with the exception of any forwarded IP connections.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜