Tcpip routing forward question?

Home Forums Discussions Support Portal Tcpip routing forward question?

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #4879

    2 interfaces: ethernet and adsl(raspppoe, connecting internet), and enable TcpIP Routing at registry.

    If an inner client send an ICMP Echo request to an external host at internet
    ( already set Gatway in client computer )
    Will windows(XP) send out the ICMP requst to internet through the ADSL interface?
    If so, why I can not catch that packet by sniffer? It seems that windows drop the request, what cause that?

    Vadim Smirnov

    Following to your post Send out modified ip packets, but no reponse ( NAT ) you read the packet from the inner interface, substitute the source IP and send this packet to the stack. What do you think the stack will do with packet received from the inner interface which has it’s own IP address as a source address? Yes, it will drop it, because it never expects such a packet from the network. So you don’t need to alter incoming packets from the inner interface. In this case TCP/IP will route them and try to send from the external interface with inner client source IP.

    In order to complete your task you should filter the external (Internet interface) and NAT (substutute the source address with external interface one) outgoing packets. For the packets received on the external interface you should do the reverse operation (change destination IP from the external interface IP to inner system one) if you find the required entry in your NAT table.


    Oh, understand, thanks.

    Followed your suggestion.

    I do this, print all caught packet, NOT do any address subsititute action
    Just want to know I can catch that packet at external interface.


    if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND)
    /// tcpstack –> interface

    print(“tcpstack — > interface: %s”, interfaceName );
    for(i=0;i print(“%x: rn” , PacketBuffer.m_IBuffer);

    if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_RECV)
    /// interface — > tcpstack

    print(“interface —> tcpstack: %s”, interfaceName );
    for(i=0;i print(“%x: rn” , PacketBuffer.m_IBuffer

    I do a “ping” at the client computer, as the the correct result I should catch the packet at “TcpStack –> Interface: External”, but failed.
    I only get it at “Interface –> Stack: Internal”. As you have told before, I
    should get the packet at “TcpStack –> Interface: External”. Can you tell me where the error from?

    My environment is like below

    internet —- adsl modem — HUB

    inner client(
    NAT computer ( WinXP)

    NAT computer use RasPPPoE to connect ADSL.

    Below is my route table

    Interface List
    0x1 ……………………… MS TCP Loopback interface
    0x2 …00 50 ba 63 2b bd …… VIA Compatable Fast Ethernet Adapter
    0x40004 …00 53 45 00 00 00 …… WAN (PPP/SLIP) Interface
    Active Routes:
    Network Destination Netmask Gateway Interface Metric 1 50 1 50 1 20 20 20 20 1 1
    Default Gateway:
    Persistent Routes:

    Here is one packet I caught

    interface–>tcpstack Local Connection (Internel)
    0: 50: ba: 63: 2b: bd: 0: 10: dc: 1: b8: 9f: 8: 0: 45: 0:
    0: 3c: 38: cf: 0: 0: 80: 1: fe: ff: c0: a8: 1: 3: da: 1e:
    67: 28: 8: 0: 29: 5c: 2: 0: 22: 0: 61: 62: 63: 64: 65: 66:
    67: 68: 69: 6a: 6b: 6c: 6d: 6e: 6f: 70: 71: 72: 73: 74: 75: 76:
    77: 61: 62: 63: 64: 65: 66: 67: 68: 69:

    This is a ICMP Echo Req packet

    Vadim Smirnov

    Normally if you have enabled routing on the NAT system and if you can see ICMP req coming to the inner interface then this ICMP req should be routed to the external interface (WAN (PPP/SLIP) Interface if I understand your configuration). If you can’t see this packet anymore then probably the normal behavior is broken. It can be coused by enabled native XP connection sharing, firewall or third party NAT/gateway software. I suspect that this is rather the firewall which just drops ICMP packets but I can’t know it for sure.


    Thanks, the problem solved. I have enable XP “firewall” before.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.