Re: symmetric NAT and ICMP

Hello,

ratheesh k wrote:
> 
> My understanding is: NAT on Router R is symmetric NAT. I am able
> to browse the internet from both machine A and B.
> 
> My question is: can Router R support different types of NAT
> simultaneously (full cone NAT, address-restricted NAT, etc.)?

I don't think so. NAT behaviour is determined by how the connection
tracking works.

> If only one type of NAT is supported, how does "ping google.com" work
> from both machines? ICMP doesn't have any port information. Does the
> ICMP reply still get routed to the correct machine?

ICMP request/reply types (echo, timestamp...) contain an identifier
field that helps match requests and replies (cf. RFC 792). Conntrack
uses it, see /proc/net/ip_conntrack or /proc/net/nf_conntrack, e.g.:

icmp     1 27 src=192.168.0.1 dst=192.168.0.2 type=8 code=0 id=62027 [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 type=0 code=0 id=62027 use=2 mark=0
icmp     1 14 src=192.168.0.1 dst=192.168.0.2 type=8 code=0 id=61259 [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 type=0 code=0 id=61259 use=1 mark=0

Two different pings with the same source and destination but different
identifiers create two separate conntrack entries.
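As an added example (not part of the original post, and not netfilter's own code), this Python sketch parses ICMP entries in the conntrack format quoted above and looks up an incoming echo reply by its reply-direction tuple, identifier included, to find the internal host it belongs to. The addresses, the masquerade address 203.0.113.1 and the function names are assumptions; the sample lines are constructed.

```python
import re

# Constructed sample in the conntrack format quoted above: hosts A and B
# (assumed 192.168.1.10/.11) ping one server through router R, which is
# assumed to masquerade them behind 203.0.113.1.
SAMPLE = (
    "icmp     1 27 src=192.168.1.10 dst=198.51.100.7 type=8 code=0 id=62027 "
    "[UNREPLIED] src=198.51.100.7 dst=203.0.113.1 type=0 code=0 id=62027 use=2 mark=0\n"
    "icmp     1 14 src=192.168.1.11 dst=198.51.100.7 type=8 code=0 id=61259 "
    "[UNREPLIED] src=198.51.100.7 dst=203.0.113.1 type=0 code=0 id=61259 use=1 mark=0\n"
    "tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40000 dport=443 "
    "src=198.51.100.7 dst=203.0.113.1 sport=443 dport=40000 [ASSURED] use=1 mark=0\n"
)

# One ICMP tuple as conntrack prints it: addresses, type, code and identifier.
TUPLE = re.compile(r"src=(\S+) dst=(\S+) type=(\d+) code=(\d+) id=(\d+)")

def parse_icmp_entries(text):
    """Return [(original_tuple, reply_tuple), ...] for every ICMP conntrack line."""
    entries = []
    for line in text.splitlines():
        # "icmp" is field 0 in ip_conntrack and field 2 in nf_conntrack output.
        if "icmp" not in line.split()[:3]:
            continue
        tuples = [(s, d, int(t), int(c), int(i)) for s, d, t, c, i in TUPLE.findall(line)]
        if len(tuples) == 2:  # original direction first, reply direction second
            entries.append((tuples[0], tuples[1]))
    return entries

def build_reply_index(entries):
    """Key each entry by its reply-direction tuple, the one an incoming reply matches."""
    return {reply: orig for orig, reply in entries}

def deliver_reply(index, src, dst, icmp_type, code, icmp_id):
    """Return the internal source address the reply belongs to, or None if untracked."""
    orig = index.get((src, dst, icmp_type, code, icmp_id))
    return orig[0] if orig else None

if __name__ == "__main__":
    idx = build_reply_index(parse_icmp_entries(SAMPLE))
    for icmp_id in (62027, 61259, 4242):
        host = deliver_reply(idx, "198.51.100.7", "203.0.113.1", 0, 0, icmp_id)
        print(f"echo reply id={icmp_id} -> {host or 'no conntrack entry'}")
```

Both replies arrive with the same source and destination address; only the identifier distinguishes them, and a reply whose identifier matches no entry has no tracked connection to be mapped to.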