1:1 NAT and DUP pings
-
I have a problem that's been bugging me for a couple of weeks.
I recently started using 1:1 NAT with aliased virtual IP addresses for my public-facing servers. This is working well, except for one thing. When I'm outside my LAN, and I'm using something other than Windows, all my 1:1 NAT addresses respond with duplicate pings.
For example:
% ping x.x.x.x
PING x.x.x.x (x.x.x.x): 56 data bytes
64 bytes from x.x.x.x: icmp_seq=0 ttl=116 time=35.964 ms
64 bytes from x.x.x.x: icmp_seq=0 DUP! ttl=116 time=1021.083 ms
64 bytes from x.x.x.x: icmp_seq=1 ttl=116 time=33.490 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=116 time=34.728 ms
64 bytes from x.x.x.x: icmp_seq=1 DUP! ttl=116 time=1672.580 ms
This only happens with addresses involved in a 1:1 NAT. I can set up a virtual IP on pfSense without 1:1 NAT and ping responses are normal.
Other than the duplicate pings, I haven't noticed any issues.
Is this normal behavior for 1:1 NAT, or is something inside my LAN causing this to happen?
-
I finally figured this out. Turns out it had nothing to do with pfSense; the duplicate ping responses were caused by a D-Link DGS-3612G L3 switch with buggy old firmware. Updating the firmware fixed the problem.