Date: Thu, 28 Jul 2005 09:40:28 +0200 From: Marcel Braak <mbraak@xs4all.nl> To: "Melameth, Daniel D." <dmelameth@mba-cpa.com> Cc: pf@benzedrine.cx, freebsd-pf@freebsd.org Subject: Re: pinging same host on the internet from two different LAN stations Message-ID: <42E88BEC.4060007@xs4all.nl> In-Reply-To: <31BA35C490DBFC40B5C331C7987835AE61236C@mbafmail.internal.mba-cpa.com> References: <31BA35C490DBFC40B5C331C7987835AE61236C@mbafmail.internal.mba-cpa.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Melameth, Daniel D. wrote: >Pejman Moghadam wrote: > > >>Melameth, Daniel D. wrote : >> >> >>>FWIW, while I haven't looked into this in detail, it appears Windows >>>clients always use the same ICMP ID--512... >>> >>> >>I think this is right, beacuse of this state entry : >> >>self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512 0:0 >> >>but i have not any problem with windows clients when i use ipfw in >>freebsd or even iptables in linux. >>why same ICMP ID(512) is so important for PF? how can i deal with >>that ? >> >> > >I don't know the specifics of any other these packet filters and haven't >looked at any code, but I'd speculate that ipfw and iptables are >proxying these ICMP IDs in some capacity similar to the way TCP ports >are proxied and pf is just using the ICMP ID that is provided by the >client. > >Then again, I could be very wrong. > >Danny > > > > I have ran into this issue two days ago also. We have a monitoring server that monitors a couple of server by sending pings, and is informing me when a server isn't reachable by sending me a sms. But when an other hosts pings one of the servers the monitoring server can't ping the server anymore and is sending me a sms. In this case the server isn't down.. Before i had a linux/iptables firewall box that doesn't have this problem. I hope there's a fix for PF cause i think this is a very anoying issue. Marcel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42E88BEC.4060007>