pinging same host on the internet from two different LAN stations

Pejman Moghadam d_a_d_a_sh at yahoo.com
Wed Jul 27 05:13:21 GMT 2005


Cristiano Deana wrote:
> Paste your pf.conf, it probably contains errors.
> tcpdump -i $external_interface icmp.

This is my pf.conf
 
extif="{ ed0 }"
extip="{ (ed0) }"
table <lan> { 192.168.1.0/24 }
nat on $extif from <lan> to any -> $extip
pass all


On my Windows clients:

on 192.168.1.18 :

C:\>echo %os%
Windows_NT

C:\>ping 192.9.9.3

Pinging 192.9.9.3 with 32 bytes of data:

Reply from 192.9.9.3: bytes=32 time=541ms TTL=228
Reply from 192.9.9.3: bytes=32 time=540ms TTL=228
Reply from 192.9.9.3: bytes=32 time=531ms TTL=228
Reply from 192.9.9.3: bytes=32 time=671ms TTL=228

Ping statistics for 192.9.9.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 531ms, Maximum =  671ms, Average =  570ms

on 192.168.1.19 :

C:\>echo %os%
Windows_NT

C:\>ping 192.9.9.3

Pinging 192.9.9.3 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.9.9.3:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms



On the FreeBSD box that does NAT with PF:

# pfctl -ss
self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512       0:0

# tcpdump -c 10 -i $external_interface -nq icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ed0, link-type EN10MB (Ethernet), capture size 96 bytes
10:02:42.839665 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 6419
10:02:42.909906 IP 1.2.3.4 > 192.9.9.3: icmp 40: echo request seq 275
10:02:43.248794 IP 192.9.9.3 > 1.2.3.4: icmp 40: echo reply seq 275
10:02:43.841123 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 6675
10:02:43.921558 IP 1.2.3.4 > 192.9.9.3: icmp 40: echo request seq 531
10:02:44.263806 IP 192.9.9.3 > 1.2.3.4: icmp 40: echo reply seq 531
10:02:44.842665 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 6931
10:02:44.923035 IP 1.2.3.4 > 192.9.9.3: icmp 40: echo request seq 787
10:02:45.262390 IP 192.9.9.3 > 1.2.3.4: icmp 40: echo reply seq 787
10:02:45.844227 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 7187
10 packets captured
12 packets received by filter
0 packets dropped by kernel

# tcpdump -c 10 -i $internal_interface -nq icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on dc0, link-type EN10MB (Ethernet), capture size 96 bytes
10:00:51.538006 IP 192.9.9.3 > 192.168.1.18: icmp 40: echo reply seq 37394
10:00:51.671439 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 43538
10:00:52.199114 IP 192.168.1.18 > 192.9.9.3: icmp 40: echo request seq 37650
10:00:52.538007 IP 192.9.9.3 > 192.168.1.18: icmp 40: echo reply seq 37650
10:00:52.672876 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 43794
10:00:53.210683 IP 192.168.1.18 > 192.9.9.3: icmp 40: echo request seq 37906
10:00:53.554918 IP 192.9.9.3 > 192.168.1.18: icmp 40: echo reply seq 37906
10:00:53.674441 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 44050
10:00:54.212218 IP 192.168.1.18 > 192.9.9.3: icmp 40: echo request seq 38162
10:00:54.551131 IP 192.9.9.3 > 192.168.1.18: icmp 40: echo reply seq 38162
10 packets captured
26 packets received by filter
0 packets dropped by kernel


--- Cristiano Deana <cristiano.deana at gmail.com> wrote:

> 2005/7/26, Pejman Moghadam <d_a_d_a_sh at yahoo.com>:
> 
> > Is there any way or any tool that ICMP portmapping allows simultaneous connections to external
> > targets from multiple machines from the LAN?
> 
> This is the standard in a normal pf configuration with nat.
> Paste your pf.conf, it probably contains errors.
> 
> btw:
> in your firewall:
> tcpdump -i $external_interface icmp.
> 
> what does it say?
> 
> -- 
> Cris, member of G.U.F.I
> Italian FreeBSD User Group
> http://www.gufi.org/
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> 
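
Added example, not part of the original post: a small audit of the external-interface capture shown above. It flags echo requests that left ed0 still carrying a source address from the <lan> table and lists requests that never got a reply. The function name audit and the choice of the first six capture lines are assumptions of this example.

```python
import ipaddress
import re

# External-interface capture lines copied from the post above (tcpdump -nq icmp on ed0).
CAPTURE = """\
10:02:42.839665 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 6419
10:02:42.909906 IP 1.2.3.4 > 192.9.9.3: icmp 40: echo request seq 275
10:02:43.248794 IP 192.9.9.3 > 1.2.3.4: icmp 40: echo reply seq 275
10:02:43.841123 IP 192.168.1.19 > 192.9.9.3: icmp 40: echo request seq 6675
10:02:43.921558 IP 1.2.3.4 > 192.9.9.3: icmp 40: echo request seq 531
10:02:44.263806 IP 192.9.9.3 > 1.2.3.4: icmp 40: echo reply seq 531
"""

LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): icmp \d+: echo (request|reply) seq (\d+)$")
LAN = ipaddress.ip_network("192.168.1.0/24")  # the <lan> table from the posted pf.conf


def audit(capture, lan=LAN):
    """Return (leaked, unanswered) for ICMP echo traffic seen on the external interface.

    leaked:     requests that left with a LAN source address (no NAT applied)
    unanswered: (src, dst, seq) requests with no matching reply in the capture
    """
    leaked, pending = [], {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip tcpdump banner and summary lines
        ts, src, dst, kind, seq = m.groups()
        if kind == "request":
            if ipaddress.ip_address(src) in lan:
                leaked.append((ts, src, dst, int(seq)))
            pending[(src, dst, int(seq))] = ts
        else:
            # A reply travels dst -> src, so swap the pair to find its request.
            pending.pop((dst, src, int(seq)), None)
    return leaked, sorted(pending)


if __name__ == "__main__":
    leaked, unanswered = audit(CAPTURE)
    for ts, src, dst, seq in leaked:
        print(f"{ts} untranslated {src} -> {dst} seq {seq}")
    for src, dst, seq in unanswered:
        print(f"no reply: {src} -> {dst} seq {seq}")
```

On these lines it reports the two requests from 192.168.1.19 as both untranslated and unanswered, while the requests translated to 1.2.3.4 are matched with their replies.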



		