icmp nat

Hi there,

I have a question in mind.

How can I do something like dst-nat for ping (icmp) to a specific device inside the local network?

No different than any other NAT except the Protocol is icmp instead of the more common tcp or udp - I ran one for a specific purpose a while back.

When I select dst-nat and icmp for the protocol, the dst-port field gets disabled, so how do I specify the incoming icmp?

Correct, icmp does not have ports.

so
any way to make this happen?
or not!

You are almost there. Add the In Interface, and on the Action tab, set for DST NAT and tell what IP to send it to.

this is not working!!!

I just set this up on one of my routers. This is working fine. Note that if you don’t have a forward rule to allow anything DST-NATted, you will need to build a specific rule to accept these packets.

Also note that the computer that you forward to must allow icmp packets (newer Windows installations do not by default).

I see,
but this is working only for one PC.
I have multiple hosts in my local network that I want to be pingable from the WAN,
so how can I specify each? With a port or something?

Yep. If you have only one public IP, you can only ping one host.

There should be a way, like NATing or something,
shouldn’t there?

Nope. icmp does not have ports (unlike udp and tcp), so all you get is IP. If you have multiple public IPs, you can have each public IP NAT to a different host, but if you only have one public IP, you only get one.
Now with that said, if any of the hosts have open ports (a web, ftp, or mail server for example), you can send tcp packets to those ports and get a response. Most monitoring services can check for all sorts of ports.
Another option is to write a script in your router that pings the various hosts and then notifies you of failures via E-Mail, SNMP, etc.

And this approach makes a lot of sense, because a response to a ping tells you nothing more than that the network stack of the machine is running, but nothing about the health of the application - and what you are actually interested in is usually the availability of the service provided by the application.

Correct. For some things, a ping is all you need, for some things more detail is useful. I use a commercial monitoring service called UpTimeRobot.com that can ping, make a tcp probe on either any of the commonly used ports, or custom ports. There are some things that I do just ping, because all I really need to know is that a domain name resolved, but I also have it looking for an http response on a bunch of different ports (many of them are a login prompt for something), port 25 for a mail server, etc.
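
The DST-NAT and forward rules described in the replies above, written out as RouterOS commands for the one-host-per-public-IP case. This is an added example, not a configuration posted by anyone in the thread; the interface name `ether1`, the address-list name `monitors` and every address (documentation ranges) are assumptions.

```routeros
# Added example. Assumed names and addresses (replace with your own):
#   ether1         = WAN interface
#   203.0.113.x    = public IPs assigned to the router
#   192.168.88.x   = inside hosts that should answer ping
#   198.51.100.25  = the outside monitoring source

# Optional scoping: only the monitoring source may ping through the NAT.
/ip firewall address-list
add list=monitors address=198.51.100.25 comment="outside monitoring probe"

# icmp has no ports, so the only thing left to match on is the destination IP.
# One rule per public IP; icmp-options=8:0 limits the match to echo requests.
/ip firewall nat
add chain=dstnat in-interface=ether1 dst-address=203.0.113.10 \
    protocol=icmp icmp-options=8:0 src-address-list=monitors \
    action=dst-nat to-addresses=192.168.88.10 comment="ping -> host A"
add chain=dstnat in-interface=ether1 dst-address=203.0.113.11 \
    protocol=icmp icmp-options=8:0 src-address-list=monitors \
    action=dst-nat to-addresses=192.168.88.11 comment="ping -> host B"

# With a single public IP, drop dst-address and keep only ONE of the rules
# above: a second rule matching the same traffic is never reached.

# The forward chain must accept what was DST-NATted. This rule has to sit
# above any general drop rule in the forward chain.
/ip firewall filter
add chain=forward connection-nat-state=dstnat protocol=icmp \
    icmp-options=8:0 action=accept comment="allow dst-natted echo requests"

# Side effect: echo requests matched by a dstnat rule no longer reach the
# router itself, so the router stops answering ping on that public IP for
# the matched sources.
```

The echo replies need no rule of their own: connection tracking reverses the translation, provided the forward chain accepts established/related traffic. The inside hosts must still permit inbound echo requests in their own firewall.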