On Tue, Apr 13, 2010 at 4:19 PM, Dean Anderson <[email protected]> wrote: > The NAT _could_ statefully translate the ICMP packet addresses and > return the responses, but most NATs it seems also block ICMP. That's why > ICMP is failing at the first hop. But the solution is as Theo > describes. The customer needs a public IP that doesn't block ICMP.
Really? I'm not sure that I've ever seen a deployed NAT which worked this way. Even the cheap $30 wireless router/NAT boxes support both support NATed ping and traceroute in my experience. Are you sure this isn't just 'network experts' who configure their firewalls to drop all ICMP because that's only used by hackers? Bill Bogstad _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
