[BBLISA] Amazon EC2 Oddly Rejecting Very Specific IP Addresses
Bill Bogstad
bogstad at pobox.com
Tue Apr 13 23:49:46 EDT 2010
On Tue, Apr 13, 2010 at 4:19 PM, Dean Anderson <dean at av8.com> wrote:
> The NAT _could_ statefully translate the ICMP packet addresses and
> return the responses, but most NATs it seems also block ICMP. That's why
> ICMP is failing at the first hop. But the solution is as Theo
> describes. The customer needs a public IP that doesn't block ICMP.
Really? I'm not sure that I've ever seen a deployed NAT which worked
this way. Even the cheap $30 wireless router/NAT boxes support both
support NATed ping and traceroute in my experience. Are you sure this
isn't just 'network experts' who configure their firewalls to drop all
ICMP because that's only used by hackers?
Bill Bogstad
More information about the bblisa
mailing list