[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: pinging same host on the internet from two different LAN stations



Pejman Moghadam wrote:
> Melameth, Daniel D. wrote :
> > FWIW, while I haven't looked into this in detail, it appears Windows
> > clients always use the same ICMP ID--512...
> 
> I think this is right, beacuse of this state entry :
> 
> self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512       0:0
> 
> but i have not any problem with windows clients when i use ipfw in
> freebsd or even iptables in linux.
> why same ICMP ID(512) is so important for PF? how can i deal with
> that ?
I don't know the specifics of any other these packet filters and haven't
looked at any code, but I'd speculate that ipfw and iptables are
proxying these ICMP IDs in some capacity similar to the way TCP ports
are proxied and pf is just using the ICMP ID that is provided by the
client.
Then again, I could be very wrong.
Danny