ICMP Issues I Think
-
We have 2 locations; each has 5 external addresses, and we NAT each external IP address and port to internal IP addresses and ports for specific things.
We also run Nagios Network Monitoring at both locations. One of the Nagios tests is to PING each server to check if it is "OK" and to get workload and other information from each computer.
My question is: how can I enable PING to each machine specifically?
Nagios workload and other information is passed through port 12489; this is easy to map to each machine, but I cannot get external pings to internal IPs. Internal ping to internal IPs works fine.
Any help or direction would be most appreciated.
Thanks
Jeff
-
You're asking if you can ping from outside NAT to multiple machines inside? Not possible.
I'd suggest that you look to using some form of VPN as a cleaner solution to your problem.
-
If I turn on ICMP for any inside and outside, I get PING replies from my first external IP address but not the others. Any suggestions?
-
That's down to the device with the External IP address. Have you configured it to reply to ping requests (ICMP Echo Request)? Does the behaviour change if you ping directly from the pfSense host itself?
Is the "External IP address" on the pfSense host, or are they on remote hosts?
-
I have all my machines on the inside with a NAT address 10.10.10.??
and all the outside IPs are 204.??.??.93-97
WAN TCP 22 (SSH) 10.10.10.249 (ext.: 204.??.??.93) 22 (SSH) Nagios SSH Server
WAN TCP 82 10.10.10.1 (ext.: 204.??.??.93) 82 ROUTER
WAN TCP 25 (SMTP) 10.10.10.98 (ext.: 204.??.??.94) 25 (SMTP) SERVER1 SMTP
WAN TCP 25 (SMTP) 10.10.10.98 (ext.: 204.??.??.95) 25 (SMTP) SERVER2 SMTP
WAN TCP 25 (SMTP) 10.10.10.98 (ext.: 204.??.??.96) 25 (SMTP) SERVER3 SMTP
WAN TCP 3389 (MS RDP) 10.10.10.99 (ext.: 204.??.??.95) 3389 (MS RDP) SERVER2 RDP
WAN TCP 80 (HTTP) 10.10.10.99 (ext.: 204.??.??.96) 80 (HTTP) SERVER3 HTTP
WAN TCP 443 (HTTPS) 10.10.10.99 (ext.: 204.??.??.96) 443 (HTTPS) SERVER3 HTTPS
WAN TCP 81 10.10.10.99 (ext.: 204.??.??.94) 81
WAN TCP 80 (HTTP) 10.10.10.100 (ext.: 204.??.??.95) 80 (HTTP) SERVER2 HTTP
WAN TCP 443 (HTTPS) 10.10.10.100 (ext.: 204.??.??.95) 443 (HTTPS) SERVER2 HTTPS
WAN TCP 80 (HTTP) 10.10.10.101 (ext.: 204.??.??.94) 80 (HTTP) SERVER1 HTTP
WAN TCP 443 (HTTPS) 10.10.10.101 (ext.: 204.??.??.94) 443 (HTTPS) SERVER1 HTTPS
WAN TCP 3389 (MS RDP) 10.10.10.101 (ext.: 204.??.??.94) 3389 (MS RDP) SERVER1 RDP
I want to be able to ping each inside machine separately.
Thanks
Jeff
-
You can only do that with ICMP and NAT when using 1:1.
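
An added example, not code from the thread or from pfSense: it models the port-forward list posted above as a lookup keyed on protocol, external IP and port (a simplification assumed here) to show why an ICMP echo matches no forward, and which external addresses would have to stop being shared before 1:1 NAT could apply. The function names are hypothetical; the `??` octets are elided on the page and kept as posted.

```python
from collections import defaultdict

# Port forwards transcribed from the list posted in the thread:
# (protocol, external IP, external port, internal IP).
FORWARDS = [
    ("tcp", "204.??.??.93", 22, "10.10.10.249"),
    ("tcp", "204.??.??.93", 82, "10.10.10.1"),
    ("tcp", "204.??.??.94", 25, "10.10.10.98"),
    ("tcp", "204.??.??.95", 25, "10.10.10.98"),
    ("tcp", "204.??.??.96", 25, "10.10.10.98"),
    ("tcp", "204.??.??.95", 3389, "10.10.10.99"),
    ("tcp", "204.??.??.96", 80, "10.10.10.99"),
    ("tcp", "204.??.??.96", 443, "10.10.10.99"),
    ("tcp", "204.??.??.94", 81, "10.10.10.99"),
    ("tcp", "204.??.??.95", 80, "10.10.10.100"),
    ("tcp", "204.??.??.95", 443, "10.10.10.100"),
    ("tcp", "204.??.??.94", 80, "10.10.10.101"),
    ("tcp", "204.??.??.94", 443, "10.10.10.101"),
    ("tcp", "204.??.??.94", 3389, "10.10.10.101"),
]

def translate(proto, ext_ip, port=None):
    """Port-forward lookup: the match key is (protocol, external IP, port)."""
    for r_proto, r_ip, r_port, internal in FORWARDS:
        if (r_proto, r_ip, r_port) == (proto, ext_ip, port):
            return internal
    return None  # no rule matched, so the packet is not forwarded inside

def one_to_one_conflicts():
    """External IPs that front more than one host; 1:1 NAT allows one each."""
    by_ip = defaultdict(set)
    for _, ip, _, internal in FORWARDS:
        by_ip[ip].add(internal)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items() if len(hosts) > 1}

if __name__ == "__main__":
    # TCP carries a destination port, so the forward is unambiguous.
    print("tcp/80 on .94 ->", translate("tcp", "204.??.??.94", 80))
    # An ICMP echo request has no port field, so no forward can select a host.
    print("icmp on .94   ->", translate("icmp", "204.??.??.94"))
    # Each address listed here is shared by several hosts.
    for ip, hosts in one_to_one_conflicts().items():
        print(ip, "is shared by", ", ".join(hosts))
```

With the list as posted, every external address that has forwards is shared by two or three internal hosts, so a 1:1 mapping would first require deciding which single host each external address belongs to.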