Sorry about the mis-attribution. The idea was Karl's. Here's the
implementation, just in case anyone wants to patent it, there's already
prior art now :P
This is against -current, test feedback welcome.
Daniel
Index: pf.c
===
RCS f
On 07/28/2005 04:37:38 AM, Daniel Hartmeier wrote:
Assuming Windows ping is not doing that, you'll have to provide an
alternative way to decide which client to send replies to. There's
ICMP
sequence numbers, but they can and will overlap for concurrent ping
invokations. The ICMP echo reply quot
On Thu, Jul 28, 2005 at 09:40:28AM +0200, Marcel Braak wrote:
> Before i had a linux/iptables firewall box that doesn't have this problem.
> I hope there's a fix for PF cause i think this is a very anoying issue.
You'll have to find out and explain to me how any other product
dispatches incoming
Melameth, Daniel D. wrote:
Pejman Moghadam wrote:
Melameth, Daniel D. wrote :
FWIW, while I haven't looked into this in detail, it appears Windows
clients always use the same ICMP ID--512...
I think this is right, beacuse of this state entry :
self icmp 192.168.1.18:512 -> 1.2
Pejman Moghadam wrote:
> Melameth, Daniel D. wrote :
> > FWIW, while I haven't looked into this in detail, it appears Windows
> > clients always use the same ICMP ID--512...
>
> I think this is right, beacuse of this state entry :
>
> self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512
Cristiano Deana wrote :
> Paste your pf.conf, it probaly contains errors.
> tcpdump -i $external_interface icmp.
This is my pf.conf
extif="{ ed0 }"
extip="{ (ed0) }"
table { 192.168.1.0/24 }
nat on $extif from to any -> $extip
pass all
on my clients windows:
on 192.168.1.18 :
C:\>echo %os%
Melameth, Daniel D. wrote :
> FWIW, while I haven't looked into this in detail, it appears Windows
> clients always use the same ICMP ID--512...
I think this is right, beacuse of this state entry :
self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512 0:0
but i have not any problem w
Daniel Hartmeier wrote:
> On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:
> > I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT
> > with PF.
> > The problem is I can't ping the same machine on the internet from
> > two or more different machines on my LAN at the sam
2005/7/26, Pejman Moghadam <[EMAIL PROTECTED]>:
> Is there any way or any tool that ICMP portmapping allows simultaneous
> connections to external
> targets from multiple machines from the LAN?
This the standard in a normal pf configuration with nat.
Paste your pf.conf, it probaly contains error
On Tue, Jul 26, 2005 at 05:58:18AM -0700, Pejman Moghadam wrote:
> I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT with PF.
> The problem is I can't ping the same machine on the internet from two or more
> different machines
> on my LAN at the same time. only one of my LAN client
Hi there
I have one FreeBSD 5.4 router/firewall box in my LAN that do NAT with PF.
The problem is I can't ping the same machine on the internet from two or more
different machines
on my LAN at the same time. only one of my LAN clients can ping that target,
and pinging that
target from another sta
11 matches
Mail list logo
