Date:      Tue, 26 Jul 2005 12:55:56 -0400
From:      "Melameth, Daniel D." <dmelameth@mba-cpa.com>
To:        "Pejman Moghadam" <d_a_d_a_sh@yahoo.com>
Cc:        pf@benzedrine.cx, freebsd-pf@freebsd.org
Subject:   RE: pinging same host on the internet from two different LAN stations
Message-ID:  <31BA35C490DBFC40B5C331C7987835AE6122E9@mbafmail.internal.mba-cpa.com>

Daniel Hartmeier wrote:
> On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:
> > I have one FreeBSD 5.4 router/firewall box in my LAN that does NAT
> > with PF.
> > The problem is I can't ping the same machine on the internet from
> > two or more different machines on my LAN at the same time. Only one
> > of my LAN clients can ping that target, and pinging that target
> > from another station is possible only when I stop pinging from
> > first client.
> > Is there any way or any tool that ICMP portmapping allows
> > simultaneous connections to external targets from multiple machines
> > from the LAN?
>
> I don't believe you have actually tried this.
>
> From one workstation (10.1.1.20)
>
>   $ ping 199.185.137.3
>   64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=218.693 ms
>   64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=211.615 ms
>   [...]
>
> At the same time, from another workstation (10.2.2.11)
>
>   $ ping 199.185.137.3
>   64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=195.604 ms
>   64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=194.387 ms
>
> On the gateway which does NAT for both
>
>   # pfctl -ss | grep icmp
>   kue0 icmp 10.1.1.20:354 -> 62.65.145.30:354 -> 199.185.137.3:354 0:0
>   kue0 icmp 10.2.2.11:19057 -> 62.65.145.30:19057 -> 199.185.137.3:19057 0:0
>
> What looks like port numbers in the state is the ICMP ID, a number
> chosen randomly for one ping invocation. pf uses this to dispatch
> incoming replies from the external host to the appropriate internal
> host.

FWIW, while I haven't looked into this in detail, it appears Windows
clients always use the same ICMP ID--512...


>echo %os%
Windows_NT

>ping 199.185.137.3

Pinging 199.185.137.3 with 32 bytes of data:

Reply from 199.185.137.3: bytes=32 time=117ms TTL=242
Reply from 199.185.137.3: bytes=32 time=118ms TTL=242
Reply from 199.185.137.3: bytes=32 time=118ms TTL=242
Reply from 199.185.137.3: bytes=32 time=118ms TTL=242


# uname -a
OpenBSD openbsdvm.internal.melameth.com 3.7 GENERIC#50 i386

# ping -c 5 199.185.137.3
PING 199.185.137.3 (199.185.137.3): 56 data bytes
64 bytes from 199.185.137.3: icmp_seq=0 ttl=242 time=129.318 ms
64 bytes from 199.185.137.3: icmp_seq=1 ttl=242 time=128.110 ms
64 bytes from 199.185.137.3: icmp_seq=2 ttl=242 time=100.227 ms
64 bytes from 199.185.137.3: icmp_seq=3 ttl=242 time=159.927 ms
64 bytes from 199.185.137.3: icmp_seq=4 ttl=242 time=153.973 ms
--- 199.185.137.3 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 100.227/134.311/159.927/21.297 ms


# uname -a
OpenBSD mel.internal.melameth.com 3.7 GENERIC#50 i386

# ping -c 5 199.185.137.3
PING 199.185.137.3 (199.185.137.3): 56 data bytes
64 bytes from 199.185.137.3: icmp_seq=0 ttl=242 time=117.295 ms
64 bytes from 199.185.137.3: icmp_seq=1 ttl=242 time=124.281 ms
64 bytes from 199.185.137.3: icmp_seq=2 ttl=242 time=115.875 ms
64 bytes from 199.185.137.3: icmp_seq=3 ttl=242 time=119.523 ms
64 bytes from 199.185.137.3: icmp_seq=4 ttl=242 time=123.472 ms
--- 199.185.137.3 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 115.875/120.089/124.281/3.320 ms


...and the output from the gateway which reflects the machines above
respectively:

$ sudo pfctl -ss | grep icmp
self icmp 192.168.x.x:512 -> 207.224.x.x:512 -> 199.185.137.3:512 0:0
self icmp 192.168.x.x:51726 -> 207.224.x.x:51726 -> 199.185.137.3:51726 0:0
self icmp 192.168.x.x:5903 -> 207.224.x.x:5903 -> 199.185.137.3:5903 0:0
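
Added example, not part of the original message or of pf itself: a Python check that rebuilds the reply lookup described above from `pfctl -ss` output, keyed on gateway address, ICMP ID and remote address, and flags any key shared by more than one LAN host. The function names and the second sample (RFC 5737 addresses, interface em0) are constructed for illustration and are not observed pf output.

```python
import re
from collections import defaultdict

# NAT'd ICMP state as printed by `pfctl -ss` in this thread:
#   IFACE icmp LAN_IP:ID -> GATEWAY_IP:ID -> REMOTE_IP:ID STATE
STATE_RE = re.compile(
    r"^\S+\s+icmp\s+([\w.]+):(\d+)\s+->\s+([\w.]+):(\d+)\s+->\s+([\w.]+):(\d+)")

# The two states quoted in the message above.
PAGE_STATES = """\
kue0 icmp 10.1.1.20:354 -> 62.65.145.30:354 -> 199.185.137.3:354 0:0
kue0 icmp 10.2.2.11:19057 -> 62.65.145.30:19057 -> 199.185.137.3:19057 0:0
"""

# Constructed input (RFC 5737 addresses), NOT observed pf output: two LAN
# hosts whose states share one gateway-side ID, to exercise the check.
CONSTRUCTED_STATES = """\
em0 icmp 192.0.2.10:512 -> 198.51.100.1:512 -> 203.0.113.5:512 0:0
em0 icmp 192.0.2.11:512 -> 198.51.100.1:512 -> 203.0.113.5:512 0:0
"""

def reply_table(text):
    """Map (gateway IP, gateway-side ICMP ID, remote IP) -> set of LAN hosts."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:  # lines that are not NAT'd ICMP states are skipped
            lan, _lan_id, gw, gw_id, remote, _remote_id = m.groups()
            table[(gw, int(gw_id), remote)].add(lan)
    return table

def dispatch(table, gw, icmp_id, remote):
    """LAN host an echo reply would be handed to, or None if not unique."""
    hosts = table.get((gw, icmp_id, remote), set())
    return next(iter(hosts)) if len(hosts) == 1 else None

def ambiguous_keys(table):
    """Reply keys claimed by more than one LAN host."""
    return {k: sorted(v) for k, v in table.items() if len(v) > 1}

if __name__ == "__main__":
    for name, text in (("page", PAGE_STATES), ("constructed", CONSTRUCTED_STATES)):
        table = reply_table(text)
        for key, hosts in table.items():
            print(name, key, "->", sorted(hosts))
        print(name, "ambiguous:", ambiguous_keys(table))
```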


