2 Windows hosts cannot receive echo ping from the same IPv4 internet host simultaneously

madbrain

I discovered a very weird problem recently with pfSense + 25.07 .

I have two Windows 11 Pro x64 hosts.

1. on the first host, I start a terminal with "ping -t 8.8.8.8" . It starts receiving responses.

2. on the first host, I start a terminal with "ping -t 8.8.8.8" . It gets timeouts

3. on the first host, I ctrl-c out of ping

4. the second host starts receiving ping replies from 8.8.8.8

I can reproduce this issue with pfSense factory defaults, having only selected the LAN and WAN interfaces on the local console, never even resetting the password or logging in to the web UI.

Hardware wise, the NIC is an Intel X550-T2 . ix0 is the WAN interface, with a Comcast XB8 in bridged mode connected. ix1 is the LAN interface, connected to an unmanaged TP-Link TL-SX105 switch. Only 3 ports on the switch are in use - one for pfSense, two for the Windows hosts.

I couldn't make it any simpler to reproduce the issue if I tried.

If I bypass pfSense, and set the XB8 in router mode rather than bridge mode, I don't have that issue - both Windows hosts can ping 8.8.8.8 successfully.

I'm not sure what causes this, but suspect some sort of NAT issue, which is why I posted in this forum.

If I use two Linux hosts with pfSense, rather than two Windows hosts, they can both receive ping from 8.8.8.8 simultaneously successfully. One Windows host and one Linux host both ping 8.8.8.8 is also OK.

Note that the issue is not specific to 8.8.8.8 . I just used it as an example. If two Windows hosts both ping 1.1.1.1, I also see the same problem.

Also, the issue is specific to IPv4 . If both Windows hosts ping an IPv6 host, such as 2606:4700:4700::1111, they simultaneously receive echo ping.

patient0

@madbrain I thought the fix made it into pfSense but your are right it's not in 25.07.

The reference is "FreeBSD Bug 283795 - ICMP echo requests from Windows hosts dropped when NAT'ed":
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283795

For me it is fixed in pfSense 25.11-BETA, testing from two Linux VM running ping -e 1 1.1.1.1

madbrain

@patient0 I don't see the bug from Linux hosts. Did you test from Windows hosts with 25.11-beta ?

Never mind. I had not tried 2 Linux hosts - only 1 Windows + 1 Linux. I reproduced it also with one Raspberry Pi OS box, and one Ubuntu 22 box, both pinging 8.8.8.8 .

Actually, I'm so confused. On the second attempt, both Linux boxes succeeded simultaneously.

patient0

@madbrain on Linux you have to run ping with -e 0 to see the bug.

Windows ping seems to use ICMP identifier 0 and other ping implementation use a random one.

Edit: ok, good you could reproduce it on Linux

@madbrain said in 2 Windows hosts cannot receive echo ping from the same IPv4 internet host simultaneously:

Actually, I'm so confused. On the second attempt, both Linux boxes succeeded simultaneously.

You run ping -e 0 ... on Linux?

madbrain

@patient0 Actually odd, it didn't work at first, then started working on Linux.

The explanation makes sense. I'm still a bit wary of using 25.11 beta in production. Will check release notes.

patient0

@madbrain said in 2 Windows hosts cannot receive echo ping from the same IPv4 internet host simultaneously:

m still a bit wary of using 25.11 beta in production. Will check release notes.

I understand and you may really want to wait. It was meant only as a reference that it will work in the future.

SteveITS

@patient0 I’d run into/posted this a while back and it was driving me nuts. Good to hear FreeBSD fixed it. Or accounted for it.