[...]
>
> I reread David's post. And discovered that he didn't say the
> box was pinged.
>
> Your theory, however, seems to answer my question. But are you
> saying the NAT box is responding to echo on behalf of the
> destination box?
That's my theory, yes.
> If not, why is it limited to ICMP echo? Why is 'alias'
> ineffective for TCP?
In my little fantasy world it's because ICMP echo requests can only ever
elicit ICMP echo responses. A router/firewall could happily take care of
those. TCP connections are different beasts and imply that some interactive
event is about to occur with the end host.
Note that this is probably just vague sophistry on my part and may have
nothing to do with what's actually going on. I'd also like to point out that
if my theory is correct I think it's a crazy implementation choice.
> >
> > Anyway, that's kind of irrelevant.
>
> Agree.
>
>
> horio shoichi
Cheers,
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520