On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:

> I have one FreeBSD 5.4 router/firewall box in my LAN that does NAT with PF.
> The problem is I can't ping the same machine on the internet from two or more
> different machines on my LAN at the same time. Only one of my LAN clients can
> ping that target, and pinging that target from another station is possible
> only when I stop pinging from the first client.
> Is there any way or any tool that ICMP portmapping allows simultaneous
> connections to external targets from multiple machines from the LAN?

I don't believe you have actually tried this.

From one workstation (10.1.1.20)

  $ ping 199.185.137.3
  64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=218.693 ms
  64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=211.615 ms
  [...]

At the same time, from another workstation (10.2.2.11)

  $ ping 199.185.137.3
  64 bytes from 199.185.137.3: icmp_seq=0 ttl=235 time=195.604 ms
  64 bytes from 199.185.137.3: icmp_seq=1 ttl=235 time=194.387 ms

On the gateway which does NAT for both

  # pfctl -ss | grep icmp
  kue0 icmp 10.1.1.20:354 -> 62.65.145.30:354 -> 199.185.137.3:354 0:0
  kue0 icmp 10.2.2.11:19057 -> 62.65.145.30:19057 -> 199.185.137.3:19057 0:0

What looks like port numbers in the state is the ICMP ID, a number chosen
randomly for one ping invocation. pf uses this to dispatch incoming replies
from the external host to the appropriate internal host.

Daniel
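
The dispatch described in the reply above, as an added example that is not part of the original message and is not pf's own code: a simplified Python model that parses the two state lines shown and maps an inbound echo reply to its LAN host by ICMP ID. The function names, the dictionary layout and the sample reply packets are assumptions constructed for illustration.

```python
import re
import struct

# State lines copied from the pfctl -ss output in the message above.
PF_STATES = """\
kue0 icmp 10.1.1.20:354 -> 62.65.145.30:354 -> 199.185.137.3:354 0:0
kue0 icmp 10.2.2.11:19057 -> 62.65.145.30:19057 -> 199.185.137.3:19057 0:0
"""

STATE_RE = re.compile(
    r"^(?P<ifc>\S+) icmp (?P<lan>[\d.]+):(?P<lan_id>\d+) -> "
    r"(?P<nat>[\d.]+):(?P<nat_id>\d+) -> (?P<dst>[\d.]+):(?P<dst_id>\d+)"
)

def load_states(text):
    """Map (remote host, NAT address, ICMP ID on the wire) -> (LAN host, its ID)."""
    table = {}
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            key = (m["dst"], m["nat"], int(m["nat_id"]))
            table[key] = (m["lan"], int(m["lan_id"]))
    return table

def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_reply(icmp_id, seq, payload=b"constructed"):
    """Constructed sample ICMP echo reply (type 0, code 0) for the demo."""
    header = struct.pack("!BBHHH", 0, 0, 0, icmp_id, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 0, 0, csum, icmp_id, seq) + payload

def dispatch_reply(table, src, dst, icmp):
    """Return the LAN host an inbound echo reply belongs to, or None (no state)."""
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        return None  # truncated or corrupted message
    icmp_type, code, _csum, icmp_id, _seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 0 or code != 0:
        return None  # not an echo reply
    entry = table.get((src, dst, icmp_id))
    return entry[0] if entry else None
```

A reply whose ID matches no state entry returns None, which is the case a stateful filter treats as unsolicited.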
