From owner-freebsd-questions@FreeBSD.ORG Thu Mar 29 20:13:50 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 72E0D16A408 for ; Thu, 29 Mar 2007 20:13:50 +0000 (UTC) (envelope-from michael.grant@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.245]) by mx1.freebsd.org (Postfix) with ESMTP id 2BF4F13C469 for ; Thu, 29 Mar 2007 20:13:50 +0000 (UTC) (envelope-from michael.grant@gmail.com) Received: by an-out-0708.google.com with SMTP id c24so281001ana for ; Thu, 29 Mar 2007 13:13:49 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=IiHig9jlLseYW8pd/R89ERng2kOsBDot2YW38R5uck/yK2ohcPV07jdhHV/PPBJijqZK16x3bjvu2iirJBCv/gCzxKxv29jTgmrPGpr1AT+eOMZ1eXkowHLT9jvi6aOTEmvGPNCSJeEqB6fbkO2bjT7+Iev4Li46Temp/ySmQH0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=jk/XD8y46UNnFXcDtKF5zbcYgvHcSc5Llw8wk47Ns9gYqb049UmK3ouujx8XFn5ZaMu2Bm1bA8kdd6RoS4LWA1ksOei+qrV+zSLk31E8nFvUAJDsmnp/S1/CvSKRPwFgysWqTcoLCFl9AzqOxCL3RU7Lnmszca9J8KD8qqryUBU= Received: by 10.100.13.12 with SMTP id 12mr794022anm.1175199229566; Thu, 29 Mar 2007 13:13:49 -0700 (PDT) Received: by 10.100.110.6 with HTTP; Thu, 29 Mar 2007 13:13:49 -0700 (PDT) Message-ID: <62b856460703291313v31de4233vf77db0446af36047@mail.gmail.com> Date: Thu, 29 Mar 2007 22:13:49 +0200 From: "Michael Grant" Sender: michael.grant@gmail.com To: "Steve Bertrand" In-Reply-To: <460C0A77.9060901@ibctech.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <62b856460703291029m23a33b2dt1f2453f74bf6cf4a@mail.gmail.com> <20070329133404.8092bd13.wmoran@potentialtech.com> <62b856460703291128q134f0caaxf201cd87dbe8b1a9@mail.gmail.com> <460C0A77.9060901@ibctech.ca> X-Google-Sender-Auth: 59d6b40213c6a202 Cc: FreeBSD Questions Subject: Re: ping X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Mar 2007 20:13:50 -0000 On 3/29/07, Steve Bertrand wrote: > Michael Grant wrote: > > I'm fairly sure the problem is not in ipf, something I've been running > > for years on other machines. If run ipmon, it shows me what's being > > blocked and by which rule. Pings are not being blocked by ipf. > > > > The relevent ipf rules are: > > > > block in log on em0 all head 100 > > pass in quick proto icmp from any to any keep frags group 100 > > block out on em0 all head 200 > > pass out quick proto icmp all keep state keep frags group 200 > > > > ipfw, which I didn't really intend on using but it seems to be enabled > > anyway, I have this: > > > > 10000 allow icmp from any to any icmptypes 8 out > > 10100 allow icmp from any to any icmptypes 0 in > > 10200 allow icmp from any to any icmptypes 11 in > > 65535 allow ip from any to any > > > > Is there an equivalent of ipmon for ipfw? > > # ipfw show > > Also, during your tcpdump, did you see the icmp replies going back out, > or just coming in? I saw the pings arriving but no response. > Steve > >