pinging same host on the internet from two different LAN
stations
Melameth, Daniel D.
dmelameth at mba-cpa.com
Wed Jul 27 23:09:08 GMT 2005
Pejman Moghadam wrote:
> Melameth, Daniel D. wrote :
> > FWIW, while I haven't looked into this in detail, it appears Windows
> > clients always use the same ICMP ID--512...
>
> I think this is right, beacuse of this state entry :
>
> self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512 0:0
>
> but i have not any problem with windows clients when i use ipfw in
> freebsd or even iptables in linux.
> why same ICMP ID(512) is so important for PF? how can i deal with
> that ?
I don't know the specifics of any other these packet filters and haven't
looked at any code, but I'd speculate that ipfw and iptables are
proxying these ICMP IDs in some capacity similar to the way TCP ports
are proxied and pf is just using the ICMP ID that is provided by the
client.
Then again, I could be very wrong.
Danny
More information about the freebsd-pf
mailing list