On Tue, 17 Aug 2004, Brian Degenhardt wrote:
> There's an issue I've seen with freebsd and icmp pings. FreeBSD (well
> 4.9 at least) doesn't do a very good job NATting multiple hosts pinging
> the same address. It may be that this same issue arises when the
> machine doing the natting pings a host that a machine behind it is also
> pinging. See here for more details on what I've seen:
It doesn't matter whether the "machine doing the NATting" is one of the
participants. The same problem exists for multiple LAN clients.
It's actually IPFilter's NAT code that's at issue. It isn't smart enough
to make use of the ICMP ID field (possibly remapping it), so for
(non-error) ICMP it just uses the "default NAT" behavior of mapping
packets solely based on IP address. That means it has no way to tell
which client deserves the response from a given remote IP.
If pings are being used just as a connectivity test, the workaround is to
use different outside machines (or at least different IPs) as the targets
from the different clients.