On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:
> I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT with PF.
> The problem is I can't ping the same machine on the internet from two or more
> different machines
> on my LAN at the same time. only one of my LAN client
Daniel Hartmeier wrote:
> On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:
> > I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT
> > with PF.
> > The problem is I can't ping the same machine on the internet from
> > two or more different machines on my LAN at the sam
Cristiano Deana wrote :
> Paste your pf.conf, it probaly contains errors.
> tcpdump -i $external_interface icmp.
This is my pf.conf
extif="{ ed0 }"
extip="{ (ed0) }"
table { 192.168.1.0/24 }
nat on $extif from to any -> $extip
pass all
on my clients windows:
on 192.168.1.18 :
C:\>echo %os%
Melameth, Daniel D. wrote :
> FWIW, while I haven't looked into this in detail, it appears Windows
> clients always use the same ICMP ID--512...
I think this is right, beacuse of this state entry :
self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512 0:0
but i have not any problem w
Pejman Moghadam wrote:
> Melameth, Daniel D. wrote :
> > FWIW, while I haven't looked into this in detail, it appears Windows
> > clients always use the same ICMP ID--512...
>
> I think this is right, beacuse of this state entry :
>
> self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512
Well FYI,
the very same problem appear on czech openbsd mailing list. Reader did
complain that one windows station could ping through pf openbsd
firewall, but the second could not (see this
http://openbsd.cz/pipermail/users/2005-July/001051.html, in czech
language however you could clearly spot "
Melameth, Daniel D. wrote:
Pejman Moghadam wrote:
Melameth, Daniel D. wrote :
FWIW, while I haven't looked into this in detail, it appears Windows
clients always use the same ICMP ID--512...
I think this is right, beacuse of this state entry :
self icmp 192.168.1.18:512 -> 1.2
On Thu, Jul 28, 2005 at 09:40:28AM +0200, Marcel Braak wrote:
> Before i had a linux/iptables firewall box that doesn't have this problem.
> I hope there's a fix for PF cause i think this is a very anoying issue.
You'll have to find out and explain to me how any other product
dispatches incoming
On 07/28/2005 04:37:38 AM, Daniel Hartmeier wrote:
Assuming Windows ping is not doing that, you'll have to provide an
alternative way to decide which client to send replies to. There's
ICMP
sequence numbers, but they can and will overlap for concurrent ping
invokations. The ICMP echo reply quot
On Tue, 26 Jul 2005 05:58:18 -0700 (PDT)
Pejman Moghadam <[EMAIL PROTECTED]> wrote:
> I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT with PF.
> The problem is I can't ping the same machine on the internet from two or more
> different machines
> on my LAN at the same time. only o
On Tue, Aug 02, 2005 at 09:37:40PM +0800, Lars Hansson wrote:
> Pinging from 2 w2k workstations thru a NAT'ing openbsd 3.4 (yes, it's old
> i know) to 66.94.230.34 (www.yahoo.com) I can reproduce this problem.
> The second workstation gets "destination unreachable" until a while after
> the first
Sorry about the mis-attribution. The idea was Karl's. Here's the
implementation, just in case anyone wants to patent it, there's already
prior art now :P
This is against -current, test feedback welcome.
Daniel
Index: pf.c
===
RCS f
I didn't get a single piece of feedback. Without any testing
confirmation, this will not make it into 3.8. If this is important
to YOU, please test it now.
Daniel
On Tue, 16 Aug 2005 11:36:18 +0200, Daniel Hartmeier wrote:
>I didn't get a single piece of feedback. Without any testing
>confirmation, this will not make it into 3.8. If this is important
>to YOU, please test it now.
>
>Daniel
>
For the benefit of the archives:
A smart patch from Daniel fixed
14 matches
Mail list logo
