trouble: ipnat & simultaneously icmp traffic from many NATed computers

Мишка umike at
Sun Dec 14 09:26:48 PST 2003


Sorry for my bad english....

We have router on FreeBSD 4.8-RELEASE (IP Filter: v3.4.31)and want to
NAT our LAN. We have 3 computer at LAN -,, We put the rule to ipnat.rules:
 map rl0 ->
So all work all right, but when we try ping one remote_host from two
computers simultaneously we have that only first computer can do this.

Our router settings:
        inet X.X.X.242 netmask 0xfffffff0 broadcast X.X.X.255
        ether 00:c0:26:a3:35:61
        media: Ethernet autoselect (10baseT/UTP)
        status: active
        inet netmask 0xffffff80 broadcast
        ether 00:c0:26:a3:3a:df
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

%more /etc/ipf.rules
pass in quick on rl0 from any to any
pass in quick on rl1 from any to any

%more /etc/ipnat.rules
 map rl0 ->

as I look ipnat -l I see that ipnat map the first icmp ping <->x.x.x.x and not map another from Then I look
%tcpdump -i rl0
WOW! I see outgouing icmp echo request from!!! Ok, I'ts a
my trouble, ipnat want more then one external ip to nat two ipcm from
different host. Let's go:

add new rule into ipnat.rules:
%more /etc/ipnat.rules
map rl0 ->

%ifconfig rl0 X.X.X.245 netmask alias
%ifconfig rl0 X.X.X.246 netmask alias

reload ipnat rules:
%ipnat -CF -f /etc/ipnat.rules
ok! Now I can ping remote_host from and
simultaneously! ipnat -l shows:<->x.x.x.245<->x.x.x.246

Then I go to the machine and do
ping -t remote_host
BANG! Router is down. I stop ping at all 3 hosts. Router is down and
even local console dont react. Only Reset key can do some. Why this

What is this? How can I configure FreeBSD to ping remote_host
simultaneously from any count of NATed computers? We really need do
this! (We are small ISP, and have monitor programs that monitor some our
equipment by icmp ping command and connect to some it services.
Now when we NAT our office LAN we cannot simultaneously monitor our
equipment from many point!)

Can you some help to us?

Once again sorry for my bad english....
Best regards, Mike
mailto:umike at

More information about the freebsd-questions mailing list