Can't ping the same IP from multiple devices
-
@Bob-Dig said in Can't ping the same IP from multiple devices:
@patient0 Interesting. Just checked with the OtherSense, it shows this too, but you already gave that away.
Yes and it still does work with CE 2.7.2/FreeBSD 14. I think the feature/bug got introduced somewhere along FreeBSD 14.1/14.2 (in pf, ipfw doesnโt have the issue)
-
@Bob-Dig said in [Can't ping the same IP from multiple devices]
Edit: And checked with another Router, FreshTomato: behaved the same.
Mmh, that odd since itโs Linux based. I did check with VyOS back then and didnโt hit it. Have to recheck later this week.
-
@patient0 said in Can't ping the same IP from multiple devices:
that odd since itโs Linux based
But the host was Windows, so I guess, it is somewhat expected. It probably was nice of *Sense, that they had a "mitigation" for this Windows behavior.
-
Yeah if you test from something that's not Windows you'll probably find it works fine. For some reason Windows uses the same ID for all pings. So if you have 1:1 NAT (or static ports outbound NAT) then only one internal system can open a unique state. Linux uses incremental IDs. BSD uses random IDs.
-
@stephenw10 said in Can't ping the same IP from multiple devices:
So if you have 1:1 NAT (or static ports outbound NAT)
It doesn't seem to be related to that. It has worked in the past (according to the thread) and doesn't right now.
-
@SteveITS FWIW it's also an issue pinging the outer/building router from our LAN, so doesn't need to go past the second router.
I suppose, it mostly only matters as a colossal time waster while troubleshooting, if you don't know of the bug, since it's probably uncommon to see it (more common, the larger the company, I suppose).
My first time, pinging from a Linux VM, then from Windows, the Windows pings failed. After that I can't seem to reproduce that failure.
At least that implies we maybe can't trigger a false failure on our monitoring if we happen to ping something at the same time as our monitoring software.
@stephenw10 We did have static outbound set on the outer/building router...the rule is timestamped 2018 so I don't recall now why I set that. :) But turning that off last night did not change the behavior. It was not set on the inner one.
-
stephenw10 Netgate Administratorlast edited by stephenw10 Apr 24, 2025, 3:19 PM Apr 24, 2025, 3:19 PM
1:1 NAT implies static ports so if you have that set you would still hit this.
-
@stephenw10 ah ha, did not realize/remember that.
Edit: OK so then few would see this. And in theory port forwarding all ports and configuring outbound NAT, for that VIP, would bypass it?
-
Yes it would. Though it only affects icmp from Windows so.... it mostly doesn't matter.
I remember that blowing my mind when I first saw it. Mostly because Linux clients were unaffected.
-
I seem to use this pic a lot lately.
-
@Bob-Dig said in Can't ping the same IP from multiple devices:
It doesn't seem to be related to that. It has worked in the past (according to the thread) and doesn't right now.
Actually I think you are right, as least as worded. I tried from two Windows PCs at home and can repro it there. Automatic outbound NAT, not static, no 1:1.
One can see where the first ping expired:
Pinging 8.8.4.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 8.8.4.4: bytes=32 time=18ms TTL=116
Reply from 8.8.4.4: bytes=32 time=22ms TTL=116
Reply from 8.8.4.4: bytes=32 time=19ms TTL=116
Reply from 8.8.4.4: bytes=32 time=19ms TTL=116
Reply from 8.8.4.4: bytes=32 time=21ms TTL=116
Reply from 8.8.4.4: bytes=32 time=21ms TTL=116 -
@SteveITS said in Can't ping the same IP from multiple devices:
I think you are right
I tried it with both Senses and with FreshTomato, without any special OutboundNAT, the outcome was every time the same.