>Does anyone know if any work is being done to support ICMP and UDP for IP
>Masquerade? ICMP support would be great because it is sometimes useful to
>check to see if a box is up by using ping. Unfortunately, there are also
>still a lot of applications out there that rely on UDP to xfer data.
>I cannot see any technical reasons that would prevent support for ICMP and
>UDP. I realize that Masquerading these protocols would introduce extra
>overhead and CPU time for the Linux box to translate inbound and outbound
>ICMP and UDP packets, but it would still be worth while to have! Comments?
Well, there is one. TCP is connection based, when the box behind the
masquerade starts a TCP connection the masquerading box knows about it, and
remembers that "packets to port 9000 should be redirected to port 1234 on
machine 1.2.3.4," so everything works.
But UDP and ICMP are stateless. It is very hard for the machine to know that
this ICMP echo reply is for machine 1.2.3.4 and not for it.
You can try and work around this, but nothing you do is going to be very good.
The problem is that you are just not supposed to put a machine on the internet
without an IP address.
--
|Gazing up to the breeze of the heavens \ on a quest, meaning, reason |
|came to be, how it begun \ all alone in the family of the sun |
|curiosity teasing everyone \ on our home, third stone from the sun. |
by