At 18:21 03/05/01 -0400, Paul D. Robertson wrote:
>While it may *seem* to be the correct way, rfc792 (Internet Control
>Message Protocol) says of the source address:
>[snip]
You apparently misunderstood my saying:)
I was talking about the ping program, not the icmp implementation.
more precisely, the ping program on windows prints the address that you
gave him,
not the one found in the ICMP response. This may induce one to think he has
received an ICMP response from the address he specified, while this is not
always true. Printing the address found in the ICMP response allows one to
detect whether
it is really the pinged machine, and helps in debugging (which after all is
the purpose of
ping!). In the old days, I got people asking why they could not connect to
a server that
was apparently alive (according to the ping results). I found later that
the server was down,
and that the ping response was that of the FW in between which was
configured to "absorb"
those ping requests. Whether this config is good or not, things would have
been easier if
the ping program printed the address found in the ICMP message.
Besides, there is is really no benefit if the ping program prints the
address you passed it!
Considering the ICMP part, my "choice" is that the ping response should
have the address of the
outgoing interface. Using another iface may make routing harder.
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
