is it possible pinging through nat from outside the nat inside?
is it possible to send an echo-request to a host set behind nat after. all the echo-request doesn't hold a port for the destination host so if there are sever开发者_运维问答al hosts using the same external ip address how will the nat be able to forward the echo-request to a specific host
Most modern NAT/packet filtering implementations are stateful. That means they have a wider concept of the word connection
than the older stateless variants. That allows them to handle more complex protocols that use additional connections (e.g. FTP), as well as connection-less protocols like ICMP.
In the case of ICMP packets, echo
requests contain an ID
field that is preserved in the reply. While its 16 bits are somewhat restrictive, it allows in conjuction with the source IP address from the IP header to have a reasonably high confidence on which echo
request each reply corresponds to.
EDIT:
As for targeting specific hosts behind a NAT implementation, that is not generally possible. You might be able to:
Redirect all ICMP traffic to one internal host to monitor that one host only.
Use the "pad" data bytes of the
echo
request packet to provide some kind of host identifier. For example, the-p
option ofping
on some Linux systems allows setting that field. This is by no means standard, though.
In general, NAT is supposed to hide the hosts behind it from the world, with the exception of any forwarded IP connections.
精彩评论