Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 26 Jul 2005 16:01:26 +0200
From:      Daniel Hartmeier <daniel@benzedrine.cx>
To:        Pejman Moghadam <d_a_d_a_sh@yahoo.com>
Cc:        pf@benzedrine.cx, freebsd-pf@freebsd.org
Subject:   Re: pinging same host on the internet from two different LAN stations
Message-ID:  <20050726140126.GB20522@insomnia.benzedrine.cx>
In-Reply-To: <20050726125819.90822.qmail@web32406.mail.mud.yahoo.com>
References:  <20050726125819.90822.qmail@web32406.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:

> I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT with PF.
> The problem is I can't ping the same machine on the internet from two or more different machines
> on my LAN at the same time. only one of my LAN clients can ping that target, and pinging that
> target from another station is possible only when i stop pinging from first client.
> Is there any way or any tool that ICMP portmapping allows simultaneous connections to external
> targets from multiple machines from the LAN?

I don't believe you have actually tried this.

>From one workstation (10.1.1.20)

  $ ping 199.185.137.3
  64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=218.693 ms
  64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=211.615 ms
  [...]

At the same time, from another workstation (10.2.2.11)

  $ ping 199.185.137.3
  64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=195.604 ms
  64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=194.387 ms

On the gateway which does NAT for both

  # pfctl -ss | grep icmp
  kue0 icmp 10.1.1.20:354 -> 62.65.145.30:354 -> 199.185.137.3:354 0:0
  kue0 icmp 10.2.2.11:19057 -> 62.65.145.30:19057 -> 199.185.137.3:19057 0:0

What looks like port numbers in the state is the ICMP ID, a number
chosen randomly for one ping invokation. pf uses this to dispatch
incoming replies from the external host to the appropriate internal
host.

Daniel

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050726140126.GB20522>