How does a NAT server forward ping ICMP echo reply packets to users

ip addressnat;ping

NAT uses an IP address port number combination to hash the outgoing requests. Since ping requests consist of ICMP echo request packets, they do not have any associated port number. How does a NAT server forward the replies to the hosts inside the network?

Best Answer

For ICMP query/reply type messages like Echoes (pings), NAPT uses the ICMP Query ID (sometimes just called the ICMP ID) the same way it would use a TCP or UDP port number.

For ICMP error messages such as Destination Unreachable, it uses the ICMP packet's internal copy of the headers of the frame that caused the error to figure out which mapping in the NAT table to use to translate it.

These procedures are referenced briefly in several NAT-related RFCs, but I had a hard time finding one that explicitly spelled out the procedure. See "Traditional NAT", RFC3022, section 4.1.

This doesn't conflict with any TCP or UDP mapping because in a good NAPT implementation, the protocol is one of the pieces of information held in the NAT table entry to make it unique.

Related Question