Date: Wed, 27 Jul 2005 19:09:05 -0400 From: "Melameth, Daniel D." <dmelameth@mba-cpa.com> To: "Pejman Moghadam" <d_a_d_a_sh@yahoo.com> Cc: pf@benzedrine.cx, freebsd-pf@freebsd.org Subject: RE: pinging same host on the internet from two different LAN stations Message-ID: <31BA35C490DBFC40B5C331C7987835AE61236C@mbafmail.internal.mba-cpa.com>
next in thread | raw e-mail | index | archive | help
Pejman Moghadam wrote: > Melameth, Daniel D. wrote : > > FWIW, while I haven't looked into this in detail, it appears Windows > > clients always use the same ICMP ID--512... >=20 > I think this is right, beacuse of this state entry : >=20 > self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512 0:0 >=20 > but i have not any problem with windows clients when i use ipfw in > freebsd or even iptables in linux. > why same ICMP ID(512) is so important for PF? how can i deal with > that ? I don't know the specifics of any other these packet filters and haven't looked at any code, but I'd speculate that ipfw and iptables are proxying these ICMP IDs in some capacity similar to the way TCP ports are proxied and pf is just using the ICMP ID that is provided by the client. Then again, I could be very wrong. Danny
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31BA35C490DBFC40B5C331C7987835AE61236C>