Mailing List Archive



Re: [tlug] B Flets blocks port 25?



On 2008-06-02 16:17 +0900 (Mon), Stephen J. Turnbull wrote:

> Could you describe the failure mode?

Yes. I see no replies whatsoever except from the final hop.

> My brain is AWOL and I'm not seeing how it would fail ...

I'm guessing that it's a cheap NAT algorithm that's not properly
associating the ICMP TTL expired messages with the host that triggered
them, and is chucking them rather than passing them back. At some point
I can put a sniffer on the other side of my office router and see if
that's really what's happening, I suppose.

> OTOH, the next version (current is 1.4, next is 1.5) of tcptraceroute
> apparently has some feature related to NAT.

Ah, dnat:

    New --dnat, --no-dnat (default), and --no-dnat-strict command line
    arguments.  --dnat enabled Destination NAT detection, which works by
    comparing the quoted IP address in an ICMP payload with the
    destination a probe packet was addressed to.

So perhaps it's confused by the fact that the fragment within the ICMP
response isn't being translated, and has not the computer's address, but
the address of the router.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974   
Mobile sites and software consulting: http://www.starling-software.com
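
Added example, not part of the original message and not tcptraceroute's code: a sketch of the check the quoted changelog describes (comparing the address quoted in an ICMP payload with the probe's destination), plus the lookup a NAT has to do to hand an ICMP TTL-expired message back to the inside host. The function names, the NAT table layout and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import socket
import struct

def parse_icmp_error(icmp: bytes) -> dict:
    """Parse an ICMP error and the IPv4 header + 8 bytes it quotes (RFC 792)."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("ICMP error too short to hold a quoted header")
    icmp_type, icmp_code = icmp[0], icmp[1]
    quoted = icmp[8:]                      # after type, code, checksum, 4 unused bytes
    ihl = (quoted[0] & 0x0F) * 4           # quoted IP header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted packet is not a complete IPv4 header + 8 bytes")
    src, dst = (socket.inet_ntoa(quoted[o:o + 4]) for o in (12, 16))
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"type": icmp_type, "code": icmp_code, "proto": quoted[9],
            "src": src, "dst": dst, "sport": sport, "dport": dport}

def dnat_detected(icmp: bytes, probe_dst: str) -> bool:
    """True when the quoted destination differs from where the probe was sent."""
    return parse_icmp_error(icmp)["dst"] != probe_dst

def nat_inside_host(icmp: bytes, table: dict):
    """Map the quoted (proto, public src, sport) to the inside (host, port), or None.

    A NAT that skips this lookup has no inside host to deliver the error to.
    """
    q = parse_icmp_error(icmp)
    return table.get((q["proto"], q["src"], q["sport"]))

def build_time_exceeded(src, dst, sport, dport) -> bytes:
    """Constructed sample: ICMP type 11 code 0 quoting a TCP probe (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 1, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, 0)   # ports + sequence number
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + tcp8

# Constructed data: the router's public address quoted as source, port 25 probe.
SAMPLE = build_time_exceeded("203.0.113.5", "198.51.100.25", 40001, 25)
NAT_TABLE = {(6, "203.0.113.5", 40001): ("192.168.1.10", 51515)}

if __name__ == "__main__":
    print(parse_icmp_error(SAMPLE))
    print("DNAT suspected:", dnat_detected(SAMPLE, "198.51.100.25"))
    print("deliver to:", nat_inside_host(SAMPLE, NAT_TABLE))
```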

