Fantastic ! For more than one instances I wished I could.
Ipfilter has yet to go for this "destructive" feature, you know.
horio shoichi
Ben Nagy wrote:
>
> [...]
> >
> > I reread David's post. And discovered that he didn't say the
> > box was pinged.
> >
> > Your theory, however seems to answer my question. But are you
> > saying NAT box is
> > responding to echo on behalf of destination box ?
>
> That's my theory, yes.
>
> > If not, why is it limited to icmp echo ? Why 'alias' is
> > ineffective for tcp ?
>
> In my little fantasy world it's because ICMP echo requests can only ever
> elicit ICMP echo responses. A router/firewall could happily take care of
> those. TCP connections are different beasts and imply that some interactive
> event is about to occur with the end host.
>
> Note that this is probably just vague sophistry on my part and may have
> nothing to do with what's actually going on. I'd also like to point out that
> if my theory is correct I think it's a crazy implementation choice.
>
> > >
> > > Anyway, that's kind of irrelevant.
> >
> > Agree.
> >
> >
> > horio shoichi
>
> Cheers,
>
> --
> Ben Nagy
> Network Consultant, Volante Solutions
> PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
