ShayanPAL
newbie
Topic Author
Posts: 47
Joined: Thu Dec 19, 2019 12:20 pm

icmp nat

Fri Sep 18, 2020 10:30 pm

Hi there,

I have a question in mind.

How can I do something like dst-nat for ping (icmp) to a specific device inside the local network?
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: icmp nat

Sat Sep 19, 2020 5:58 am

No different than any other NAT except the Protocol is icmp instead of the more common tcp or udp - I ran one for a specific purpose a while back.
 
ShayanPAL
newbie
Topic Author
Posts: 47
Joined: Thu Dec 19, 2019 12:20 pm

Re: icmp nat

Sat Sep 19, 2020 6:06 am

When I select dst-nat and icmp for the protocol, the dst-port field becomes disabled, so how do I specify the incoming icmp?
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: icmp nat

Sat Sep 19, 2020 6:59 am

Correct, icmp does not have ports.
 
ShayanPAL
newbie
Topic Author
Posts: 47
Joined: Thu Dec 19, 2019 12:20 pm

Re: icmp nat

Sat Sep 19, 2020 7:01 am

so
any way to make this happen?
or not!
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: icmp nat

Sat Sep 19, 2020 7:26 am

You are almost there. Add the In Interface, and on the Action tab, set for DST NAT and tell what IP to send it to.
 
ShayanPAL
newbie
Topic Author
Posts: 47
Joined: Thu Dec 19, 2019 12:20 pm

Re: icmp nat

Sat Sep 19, 2020 7:28 am

this is not working!!!
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: icmp nat

Sat Sep 19, 2020 7:51 am

I just set this up on one of my routers. This is working fine. Note that if you don't have a forward rule to allow anything DST-NATted, you will need to build a specific rule to accept these packets.
Also note that the computer that you forward to must allow icmp packets (newer Windows installations do not by default).
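
A command-line form of the setup described in the post above, as an added example that is not the poster's own configuration. The interface name `ether1`, the inside host `192.168.88.10`, the list name `icmp-monitors` and the source range `203.0.113.0/24` are constructed values; limiting the rule to echo requests from a known source list is an assumption added here.

```routeros
# Constructed values: ether1 = WAN interface, 192.168.88.10 = inside host,
# 203.0.113.0/24 = range of the monitoring hosts that are allowed to ping.
/ip firewall address-list
add list=icmp-monitors address=203.0.113.0/24 comment="allowed ping sources"

# ICMP has no ports, so the rule matches on protocol, interface and source only.
# icmp-options=8:0 limits it to echo requests (type 8, code 0).
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=icmp icmp-options=8:0 \
    src-address-list=icmp-monitors action=dst-nat to-addresses=192.168.88.10 \
    comment="dst-nat echo requests to one inside host"

# Only needed when the forward chain does not already accept dst-natted
# connections; it must sit above the rule that drops traffic from the WAN.
/ip firewall filter
add chain=forward in-interface=ether1 connection-nat-state=dstnat \
    connection-state=new action=accept comment="accept dst-natted connections"
```

With this rule in place, echo requests from the listed sources are answered by the inside host rather than by the router itself.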
 
ShayanPAL
newbie
Topic Author
Posts: 47
Joined: Thu Dec 19, 2019 12:20 pm

Re: icmp nat

Sat Sep 19, 2020 7:53 am

I see,
but this is working only for one PC.
I have multiple hosts in my local network that I want to be pingable from WAN,
so how can I specify each? With a port or something?
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: icmp nat

Sat Sep 19, 2020 8:15 am

Yep. If you have only one public IP, you can only ping one host.
 
ShayanPAL
newbie
Topic Author
Posts: 47
Joined: Thu Dec 19, 2019 12:20 pm

Re: icmp nat

Sat Sep 19, 2020 8:16 am

There should be a way, like NATing or something,
shouldn't there?
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: icmp nat

Sat Sep 19, 2020 8:36 am

Nope. icmp does not have ports (unlike udp and tcp), so all you get is IP. If you have multiple public IPs, you can have each public IP NAT to a different host, but if you only have one public IP, you only get one.
Now with that said, if any of the hosts have open ports (a web, ftp, or mail server for example), you can send tcp packets to those ports and get a response. Most monitoring services can check for all sorts of ports.
Another option is to write a script in your router that pings the various hosts and then notifies you of failures via E-Mail, SNMP, etc.
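
A sketch of the router-side script option mentioned in the post above, as an added example that is not the poster's own script. The host addresses and the recipient address are constructed values, and it assumes the mail server under `/tool e-mail` is already configured.

```routeros
# Constructed values: three inside hosts and a notification address.
# Intended to run periodically, for example from /system scheduler.
:local hosts {"192.168.88.10";"192.168.88.11";"192.168.88.12"}
:local down ""

:foreach h in=$hosts do={
    # /ping returns the number of replies received; 0 of 3 means no answer.
    :if ([/ping $h count=3] = 0) do={
        :set down ($down . $h . " ")
    }
}

# Send one message per run listing every host that did not answer.
:if ([:len $down] > 0) do={
    :log warning ("No ICMP reply from: " . $down)
    /tool e-mail send to="noc@example.com" \
        subject="Hosts not answering ping" \
        body=("No ICMP reply from: " . $down)
}
```

Because the router pings the hosts from inside the network, no ICMP dst-nat rule or additional public IP is needed for this check.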
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: icmp nat

Sat Sep 19, 2020 4:21 pm

> if any of the hosts have open ports (a web, ftp, or mail server for example), you can send tcp packets to those ports and get a response. Most monitoring services can check for all sorts of ports.
And this approach makes a lot of sense, because a response to a ping tells you nothing more than that the network stack of the machine is running, but nothing about the health of the application - and what you are actually interested in is usually the availability of the service provided by the application.
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: icmp nat

Sat Sep 19, 2020 7:31 pm

> > if any of the hosts have open ports (a web, ftp, or mail server for example), you can send tcp packets to those ports and get a response. Most monitoring services can check for all sorts of ports.
> And this approach makes a lot of sense, because a response to a ping tells you nothing more than that the network stack of the machine is running, but nothing about the health of the application - and what you are actually interested in is usually the availability of the service provided by the application.
Correct. For some things, a ping is all you need, for some things more detail is useful. I use a commercial monitoring service called UpTimeRobot.com that can ping, make a tcp probe on either any of the commonly used ports, or custom ports. There are some things that I do just ping, because all I really need to know is that a domain name resolved, but I also have it looking for an http response on a bunch of different ports (many of them are a login prompt for something), port 25 for a mail server, etc.
