Question about private networks

[ramirez]

I am curious if it's possible for a public host (internet IP address) to initiate communication with a private host, if the private host is either:

1) behing a NAT router, or
2) behind a proxy server, or
3) using DHCP in a private LAN.

I know that you can set up port forwarding to direct certain ports to specified private IP addresses, but what about pinging? I've read in my CCNA studies that ICMP is a "pure" layer three protocol, meaning it has no higher layer support (i.e. no TCP/UDP ports)

I guess I'm wondering if there is any way to successfully ping one of the inside hosts.

Chris

 

[Nothinman]

No, the layer that ICMP works at is irrelevant since you have to have a routable address to ping and if the box is being NAT'd you don't have that address. Now if you're doing a 1:1 NAT you can ping the NAT address provided the NAT device allows it through.

Technically it is possible to redirect ICMP just like a port forward so that when you ping the public address you would really be pinging one of the NAT'd addresses, but that doesn't really make any sense.

 

[spidey07]

static nat is what you are looking for. it works at layer3 - IP. an outside address maps directy to an inside address regardless of any layer4 and higher information. it is used very frequently on firewalls and routers.

technically NAT (network address translation) works at layer3 and PAT (port address translation) works at layer4. But in common terms people interchange them.

but in answer to your questions - you can do just about anything you want. So sure - you can ping an inside host in those scenarios.

If you allow it.

 

[Goosemaster]

Originally posted by: spidey07
..... you can do just about anything you want. .....

If you allow it.

😀