Netgate Discussion Forum

Can't ping the same IP from multiple devices

  • P
    patient0 @SteveITS
    last edited by Apr 24, 2025, 6:29 AM

    @SteveITS said in Can't ping the same IP from multiple devices:

    Not sure I tried pinging all our routers.

    I don't run into the issue since I don't have any Windows clients. And it seems that ping on Windows sets ICMP ID to 1 while on Linux it is set to a random id.

    FreeBSD (erroneously) set the WAN ICMP ID to the same as the source ICMP ID. And only if you set ICMP ID to 8 FreeBSD picks a random ID for the WAN to ping-destination. And since ICMP type ECHO_REQUEST numerical value is 8 ... mmhh, I'm no programmer.

    1 Reply Last reply Reply Quote 1
    • B
      Bob.Dig LAYER 8 @patient0
      last edited by Bob.Dig Apr 24, 2025, 8:59 AM Apr 24, 2025, 8:18 AM

      @patient0 Interesting. Just checked with the OtherSense, it shows this too, but you already gave that away.
      Edit: And checked with another Router, FreshTomato: behaved the same.

      P 2 Replies Last reply Apr 24, 2025, 8:22 AM Reply Quote 0
      • P
        patient0 @Bob.Dig
        last edited by patient0 Apr 24, 2025, 8:40 AM Apr 24, 2025, 8:22 AM

        @Bob-Dig said in Can't ping the same IP from multiple devices:

        @patient0 Interesting. Just checked with the OtherSense, it shows this too, but you already gave that away.

        Yes and it still does work with CE 2.7.2/FreeBSD 14. I think the feature/bug got introduced somewhere along FreeBSD 14.1/14.2 (in pf, ipfw doesn't have the issue)

        1 Reply Last reply Reply Quote 1
        • P
          patient0 @Bob.Dig
          last edited by patient0 Apr 24, 2025, 9:20 AM Apr 24, 2025, 9:20 AM

          @Bob-Dig said in Can't ping the same IP from multiple devices:

          Edit: And checked with another Router, FreshTomato: behaved the same.

          Mmh, that's odd since it's Linux based. I did check with VyOS back then and didn't hit it. Have to recheck later this week.

          B 1 Reply Last reply Apr 24, 2025, 9:39 AM Reply Quote 0
          • B
            Bob.Dig LAYER 8 @patient0
            last edited by Apr 24, 2025, 9:39 AM

            @patient0 said in Can't ping the same IP from multiple devices:

            that's odd since it's Linux based

            But the host was Windows, so I guess, it is somewhat expected. It probably was nice of *Sense, that they had a "mitigation" for this Windows behavior.

            1 Reply Last reply Reply Quote 0
            • S
              stephenw10 Netgate Administrator
              last edited by Apr 24, 2025, 2:51 PM

              Yeah if you test from something that's not Windows you'll probably find it works fine. For some reason Windows uses the same ID for all pings. So if you have 1:1 NAT (or static ports outbound NAT) then only one internal system can open a unique state. Linux uses incremental IDs. BSD uses random IDs.

              B 1 Reply Last reply Apr 24, 2025, 2:54 PM Reply Quote 1
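The state collision described in the post above, as an added example that is not from the thread or from pf: a simplified Python model in which the gateway keys ICMP echo state on (WAN address, destination, ICMP ID). The class, the timeout value and every address other than 8.8.4.4 are assumptions made for illustration.

```python
"""Toy model of ICMP echo state tracking on a NAT gateway (constructed, not pf code)."""
from dataclasses import dataclass, field

STATE_TTL = 10  # assumed idle timeout in seconds, chosen for illustration


@dataclass
class IcmpNat:
    wan_ip: str
    preserve_id: bool  # True: WAN-side ICMP ID is copied from the client
    states: dict = field(default_factory=dict)  # (wan_ip, dst, wan_id) -> [lan_ip, lan_id, expiry]

    def echo_request(self, now, lan_ip, dst, icmp_id):
        """Return the WAN-side ICMP ID, or None if no state could be created."""
        self.states = {k: v for k, v in self.states.items() if v[2] > now}
        for key, st in self.states.items():
            if key[1] == dst and st[0] == lan_ip and st[1] == icmp_id:
                st[2] = now + STATE_TTL  # existing flow: refresh and pass
                return key[2]
        wan_id = icmp_id
        if not self.preserve_id:
            # Translator picks the next free ID, like a port rewrite for TCP/UDP.
            while (self.wan_ip, dst, wan_id) in self.states:
                wan_id = (wan_id + 1) % 65536
        key = (self.wan_ip, dst, wan_id)
        if key in self.states:
            return None  # key owned by another LAN host: packet is dropped
        self.states[key] = [lan_ip, icmp_id, now + STATE_TTL]
        return wan_id


def simulate(preserve_id, a_id=1, b_id=1):
    """Host A pings for t=0..5, host B from t=3 on; return B's per-second result."""
    nat = IcmpNat("203.0.113.1", preserve_id)  # constructed WAN address
    b_results = []
    for t in range(24):
        if t < 6:
            nat.echo_request(t, "192.168.1.10", "8.8.4.4", a_id)
        if t >= 3:
            wan_id = nat.echo_request(t, "192.168.1.11", "8.8.4.4", b_id)
            b_results.append("timeout" if wan_id is None else "reply")
    return b_results


if __name__ == "__main__":
    print("both ID 1, ID preserved:", simulate(True))
    print("both ID 1, ID rewritten:", simulate(False))
    print("B uses a distinct ID:   ", simulate(True, b_id=0x4A2F))
```

In this model, two clients that both send ID 1 through an ID-preserving translator leave the second client timing out until the first client's state expires; a distinct client ID or a translator that rewrites the ID avoids the collision.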
              • B
                Bob.Dig LAYER 8 @stephenw10
                last edited by Bob.Dig Apr 24, 2025, 2:55 PM Apr 24, 2025, 2:54 PM

                @stephenw10 said in Can't ping the same IP from multiple devices:

                So if you have 1:1 NAT (or static ports outbound NAT)

                It doesn't seem to be related to that. It has worked in the past (according to the thread) and doesn't right now.

                S 1 Reply Last reply Apr 24, 2025, 6:10 PM Reply Quote 0
                • S
                  SteveITS Galactic Empire @SteveITS
                  last edited by Apr 24, 2025, 3:07 PM

                  @SteveITS FWIW it's also an issue pinging the outer/building router from our LAN, so doesn't need to go past the second router.

                  I suppose, it mostly only matters as a colossal time waster while troubleshooting, if you don't know of the bug, since it's probably uncommon to see it (more common, the larger the company, I suppose).

                  My first time, pinging from a Linux VM, then from Windows, the Windows pings failed. After that I can't seem to reproduce that failure.

                  At least that implies we maybe can't trigger a false failure on our monitoring if we happen to ping something at the same time as our monitoring software.

                  @stephenw10 We did have static outbound set on the outer/building router...the rule is timestamped 2018 so I don't recall now why I set that. :) But turning that off last night did not change the behavior. It was not set on the inner one.

                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                  Upvote 👍 helpful posts!

                  1 Reply Last reply Reply Quote 0
                  • S
                    stephenw10 Netgate Administrator
                    last edited by stephenw10 Apr 24, 2025, 3:19 PM Apr 24, 2025, 3:19 PM

                    1:1 NAT implies static ports so if you have that set you would still hit this.

                    S 1 Reply Last reply Apr 24, 2025, 3:23 PM Reply Quote 0
                    • S
                      SteveITS Galactic Empire @stephenw10
                      last edited by SteveITS Apr 24, 2025, 3:26 PM Apr 24, 2025, 3:23 PM

                      @stephenw10 ah ha, did not realize/remember that.

                      Edit: OK so then few would see this. And in theory port forwarding all ports and configuring outbound NAT, for that VIP, would bypass it?


                      1 Reply Last reply Reply Quote 0
                      • S
                        stephenw10 Netgate Administrator
                        last edited by Apr 24, 2025, 6:02 PM

                        Yes it would. Though it only affects icmp from Windows so.... it mostly doesn't matter. 😉

                        I remember that blowing my mind when I first saw it. Mostly because Linux clients were unaffected. 😵

                        S 1 Reply Last reply Apr 24, 2025, 6:06 PM Reply Quote 0
                        • S
                          SteveITS Galactic Empire @stephenw10
                          last edited by Apr 24, 2025, 6:06 PM

                          I seem to use this pic a lot lately.


                          1 Reply Last reply Reply Quote 1
                          • S
                            SteveITS Galactic Empire @Bob.Dig
                            last edited by SteveITS Apr 24, 2025, 6:22 PM Apr 24, 2025, 6:10 PM

                            @Bob-Dig said in Can't ping the same IP from multiple devices:

                            It doesn't seem to be related to that. It has worked in the past (according to the thread) and doesn't right now.

                            Actually I think you are right, at least as worded. I tried from two Windows PCs at home and can repro it there. Automatic outbound NAT, not static, no 1:1.

                            One can see where the first ping expired:

                            Pinging 8.8.4.4 with 32 bytes of data:
                            Request timed out.
                            Request timed out.
                            Request timed out.
                            Request timed out.
                            Request timed out.
                            Request timed out.
                            Reply from 8.8.4.4: bytes=32 time=18ms TTL=116
                            Reply from 8.8.4.4: bytes=32 time=22ms TTL=116
                            Reply from 8.8.4.4: bytes=32 time=19ms TTL=116
                            Reply from 8.8.4.4: bytes=32 time=19ms TTL=116
                            Reply from 8.8.4.4: bytes=32 time=21ms TTL=116
                            Reply from 8.8.4.4: bytes=32 time=21ms TTL=116


                            B 1 Reply Last reply Apr 25, 2025, 7:16 AM Reply Quote 1
                            • B
                              Bob.Dig LAYER 8 @SteveITS
                              last edited by Apr 25, 2025, 7:16 AM

                              @SteveITS said in Can't ping the same IP from multiple devices:

                              I think you are right

                              I tried it with both Senses and with FreshTomato, without any special OutboundNAT, the outcome was every time the same.

                              1 Reply Last reply Reply Quote 0