> Two different pings with the same source and destination but different > identifiers create two separate conntrack entries. Beautiful . Thanks a ton . On Wed, May 5, 2010 at 4:59 PM, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote: > Hello, > > ratheesh k a écrit : >> >> My understanding is : - NAT on Router R is symmetric nat . I am able >> to browse internet from both machine A and B . >> >> My question is : Can Router R can support different types of NAT >> simultaneously ( full cone nat ,address restricted nat ....etc ) ? > > I don't think so. NAT behaviour is determined by how the connection > tracking works. > >> IF only one type of nat is supported , how "ping google.com " works >> from both machine ? icmp dont have any port information .Still >> icmp-reply gets routed to correct machine ? > > ICMP request/reply types (echo, timestamp...) contain an identifier > field that helps matching requests and replies (Cf. RFC 792). Conntrack > uses it, see /proc/net/ip_conntrack or /proc/net/nf_conntrack, e.g. : > > icmp 1 27 src=192.168.0.1 dst=192.168.0.2 type=8 code=0 id=62027 > [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 type=0 code=0 id=62027 use=2 > mark=0 > icmp 1 14 src=192.168.0.1 dst=192.168.0.2 type=8 code=0 id=61259 > [UNREPLIED] src=192.168.0.2 dst=192.168.0.1 type=0 code=0 id=61259 use=1 > mark=0 > > Two different pings with the same source and destination but different > identifiers create two separate conntrack entries. > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
