multiple pings blocked?
-
Hi - I have a classroom of 10 PCs sat behind a pfSense firewall. All machines can browse the web no problem, everything is doing what it needs to. However, i ping 8.8.8.8 from one device, i get a response. If i ping 8.8.8.8 from 2 devices at the same time, i get no response. I can ping 10 different external addresses from 10 machines but i cannot ping the same address from 2 or more machines at the same time. This didnt used to be a problem. Has something changed in an update? Thanks
-
@MP83 yeah this a known thing.. There is at least 1 other thread about it - let me see if I can dig up the redmine about it.
edit: here is one of the threads about it
https://forum.netgate.com/topic/197245/can-t-ping-the-same-ip-from-multiple-devices
Related to a freebsd bug and nat and windows - I didn't reread the whole thread. Do you have static nat setup, or 1:1 nat? something related to windows and ID, etc.
-
@johnpoz @MP83 the bug in question is:
FreeBSD: Bug 283795 - ICMP echo requests from Windows hosts dropped when NAT'ed
... and it's fixed but not that long ago. I don't know if it was backported. It's in pfSense+ ??25.07?? and later, not sure right now.
What pfSense version are you using, @MP83?
-
@patient0 I just did a test, on 25.11 pinging 8.8.8.8 from 2 windows machine on my network and both work.. But then again not doing any sort of static outbound nat or 1:1 nat
-
@johnpoz I don't think you need any special NAT rules for it not to work.
AFAI remember Windows always uses (ICMP?) ID 0 (or 1?) when pinging a host. And FreeBSD did use the same ID it got from the host for pinging WAN to host, didn't randomizing it. After some bugfix for something else that is.
-
At the end of that other thread we determined the bug wasn't related to the NAT settings.
It's still in 25.07, looks like it may be fixed in 25.11 with limited testing.
-
@SteveITS well if it wasn't related to static nat, my simple test shows its not an issue with 25.11, I have total of 4 windows machines I could test from.
But I would think 2 would be enough to see if its happening. Which it wasn't with the test I just did.
-
thanks for quick responses all....we are using pfSense CE in this instance. Would that make a difference?
-
@MP83 said in multiple pings blocked?:
we are using pfSense CE in this instance. Would that make a difference?
This bug doesn't exist in CE 2.7.2 but it does in CE 2.8.1 and will probably be fixed in the next CE release. Only Netgate knows when that will be, could be another year or so.
-
@MP83 FWIW Netgate
doesn't date stamp releasesbut the order can be seen in the left navigation pane of https://docs.netgate.com/pfsense/en/latest/releases/.25.11 changed FreeBSD versions (to 16), presumably why the fix was included in this case.
Edit: dates are on https://docs.netgate.com/pfsense/en/latest/releases/versions.html, d'oh, I knew that.
