Firewall/NAT

I have the classcial setup:

A generic PC running monowall at local ip adress 192.168.0.1

And 3 Clients runing XP connected to it with ip adresses: 192.168.0.2, 192.168.0.3 and 192.168.0.4

As long as I ping an address (ie www.qsc.de) just from one Client all works fine and I get a ping reply.

But as soon as I try to ping the same address from another Client (while the pinging on the first Client still runs) I get a "Request timed out" on the second Client. When I stop the pinging on the first Client then immediatelly I start to get a ping reply on the second Client.....

I would like to be able to ping any wan ip address on any Client at any time....

So advise would be greatly apreciated...

Thanks in advance 

That's a limitation of the NAT software m0n0wall uses. That might not be the case with 1.3, if you really need to do that, try it.

Tested this with two 1.3b10 over the Internet and the remote m0n0wall pings fine from one PC but pinging the same public IP from a second PC shows random timeouts on both PCs.  Kill the second PC and no timeout on the first PC.

CS...

Wow, that's a big flaw, isn't it?

Is this officialy seen as being a bug and will this be "fixed"?

Did anyone test this with the latest build? (1.3b10 or 1.3b11)

Is this officialy seen as being a bug and will this be "fixed"?

Did anyone test this with the latest build? (1.3b10 or 1.3b11)

Nobody?

This is not considered a bug. Unlike TCP and UDP, ICMP doesn't have port numbers that could be used to distinguish between concurrent ICMP "sessions". Some firewalls use the ICMP ID to do that, but ipnat (from ipfilter, the packet filter used in m0n0wall) doesn't. I don't think it's a big deal, as it works properly for TCP and UDP.

If you really want it fixed, get someone to implement ICMP ID based NAT in ipfilter/ipnat. Which will probably mean that you'll have to do it yourself.

I can understand your point-of-view.
I'm afraid that my knowledge is not good enough to "fix" this myself :-(