Smart ping determines "host up" upon receipt of "icmp unreachable"

Hi all! We are experiencing an issue when using smart ping to determine the host state of hosts behind a VPN gateway (pfSense in our case).

When sending an icmp echo request to a host behind a VPN gateway when this host is down, the gateway answers with an “icmp unreachable” reply, using the host address as the origin. Smart ping receives this reply and interprets it as having received an answer from the host, thus declaring it “up”. This is despite the fact that the “unreachable” message means that the host is actually “unknown”, probably “down” but certainly not “up”.

It is not always possible to prevent a gateway or firewall from sending “icmp unreachable” replies.

I tried to filter these replies using “iptables” on the Linux machine on which the icmpreceiver is running, but without success. Iptables does filter the replies but the icmpreceiver receives them anyway, probably because it uses libpcap to process the packets.

Therefore I would like to suggest changing the behavior of the icmpreceiver in such a way that it ignores all “icmp unreachable” packets as a sign of life from the host it is checking, maybe as a configurable option in “Global settings”.



This is bad behaviour; there are other ICMP replies for that.

checkmk has a global setting to ignore TCP reset packets that have the host’s IP as source, but not ICMP unreachables.
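The distinction discussed in this thread, as an added example that is not part of either post and is not checkmk's icmpreceiver code: a receiver that treats only an ICMP echo reply (type 0) as a sign of life and attributes a destination-unreachable message (type 3) to the host named in the quoted original datagram. The addresses, helper names and packets are constructed for illustration.

```python
import socket
import struct

ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3

def ipv4(src, dst, payload, proto=1):
    """Build a minimal IPv4 packet (checksum left 0; constructed test data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def icmp(icmp_type, code, body=b""):
    """Build an ICMP message: type, code, checksum (0), 4-byte rest of header, body."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + body

def classify(packet):
    """Return (verdict, host) for one IPv4 packet seen by a ping receiver.

    The verdict is "up" only for an echo reply. A destination-unreachable
    message is reported as "unreachable" for the host named in the quoted
    original datagram, whatever source address the error itself carries.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return ("ignore", None)          # not IPv4 or not ICMP
    ihl = (packet[0] & 0x0F) * 4
    src = socket.inet_ntoa(packet[12:16])
    msg = packet[ihl:]
    if len(msg) < 8:
        return ("ignore", None)          # truncated ICMP header
    if msg[0] == ICMP_ECHO_REPLY:
        return ("up", src)
    if msg[0] == ICMP_DEST_UNREACH:
        quoted = msg[8:]                 # RFC 792: original IP header + 8 data bytes
        if len(quoted) >= 20 and quoted[0] >> 4 == 4:
            return ("unreachable", socket.inet_ntoa(quoted[16:20]))
        return ("unreachable", src)
    return ("ignore", None)

# Constructed sample traffic: monitor 192.0.2.10 pings 10.8.0.5 behind a VPN gateway.
MONITOR, TARGET = "192.0.2.10", "10.8.0.5"
probe = ipv4(MONITOR, TARGET, icmp(8, 0, b"ping"))
echo_reply = ipv4(TARGET, MONITOR, icmp(0, 0, b"ping"))
# Gateway answers for the down host, using the host address as source (code 1).
gateway_unreach = ipv4(TARGET, MONITOR, icmp(3, 1, probe[:28]))
```

Both `echo_reply` and `gateway_unreach` carry the target's address as their IP source, so a receiver that matches on source address alone cannot tell them apart; the ICMP type field is what separates them.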