pinging same host on the internet from two different LAN stations
Daniel Hartmeier
daniel at benzedrine.cx
Tue Jul 26 14:01:29 GMT 2005
On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:
> I have one FreeBSD 5.4 router/firewall box in my LAN that does NAT with PF.
> The problem is I can't ping the same machine on the internet from two or more different machines
> on my LAN at the same time. Only one of my LAN clients can ping that target, and pinging that
> target from another station is possible only when I stop pinging from the first client.
> Is there any way or any tool that ICMP portmapping allows simultaneous connections to external
> targets from multiple machines from the LAN?
I don't believe you have actually tried this.
From one workstation (10.1.1.20)
$ ping 199.185.137.3
64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=218.693 ms
64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=211.615 ms
[...]
At the same time, from another workstation (10.2.2.11)
$ ping 199.185.137.3
64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=195.604 ms
64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=194.387 ms
On the gateway which does NAT for both
# pfctl -ss | grep icmp
kue0 icmp 10.1.1.20:354 -> 62.65.145.30:354 -> 199.185.137.3:354 0:0
kue0 icmp 10.2.2.11:19057 -> 62.65.145.30:19057 -> 199.185.137.3:19057 0:0
What looks like port numbers in the state is the ICMP ID, a number
chosen randomly for one ping invocation. pf uses this to dispatch
incoming replies from the external host to the appropriate internal
host.
Daniel
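
The dispatch described above, as an added example that is not part of the original message and is not pf's code: a Python sketch that parses the two state lines shown and looks up which internal host an echo reply belongs to by its ICMP ID. The function names and the lookup key are assumptions of this sketch.

```python
import re

# State lines copied from the pfctl -ss output in the message above.
STATES = """\
kue0 icmp 10.1.1.20:354 -> 62.65.145.30:354 -> 199.185.137.3:354 0:0
kue0 icmp 10.2.2.11:19057 -> 62.65.145.30:19057 -> 199.185.137.3:19057 0:0
"""

# interface, protocol, LAN host:id -> NAT address:id -> remote host:id
LINE = re.compile(
    r"^(?P<ifname>\S+) icmp "
    r"(?P<lan>[\d.]+):(?P<lan_id>\d+) -> "
    r"(?P<nat>[\d.]+):(?P<nat_id>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dst_id>\d+)\s"
)

def build_table(text):
    """Map (remote host, NAT address, ICMP ID on the wire) to (LAN host, LAN-side ID)."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a NATed ICMP state in the three-address form
        key = (m["dst"], m["nat"], int(m["nat_id"]))
        if key in table:
            # Two LAN hosts sharing one key would make replies ambiguous.
            raise ValueError(f"ambiguous state for {key}")
        table[key] = (m["lan"], int(m["lan_id"]))
    return table

def dispatch_reply(table, src, dst, icmp_id):
    """Return the LAN host and ID an echo reply belongs to, or None if no state matches."""
    return table.get((src, dst, icmp_id))

if __name__ == "__main__":
    table = build_table(STATES)
    # Two replies from the same remote host, told apart only by ICMP ID,
    # plus one reply with an ID that no state was created for.
    for icmp_id in (354, 19057, 4242):
        target = dispatch_reply(table, "199.185.137.3", "62.65.145.30", icmp_id)
        print(icmp_id, "->", target)
```
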