From owner-freebsd-questions@FreeBSD.ORG Mon Jul 7 13:22:59 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3363137B401 for ; Mon, 7 Jul 2003 13:22:59 -0700 (PDT) Received: from parmenides.zen.co.uk (parmenides.zen.co.uk [212.23.8.69]) by mx1.FreeBSD.org (Postfix) with SMTP id 2354743F3F for ; Mon, 7 Jul 2003 13:22:58 -0700 (PDT) (envelope-from stacey@vickiandstacey.com) Received: (qmail 26834 invoked from network); 7 Jul 2003 20:22:57 -0000 Received: from protagoras.zen.co.uk (212.23.8.61) by parmenides.zen.co.uk with QMQP; 7 Jul 2003 20:22:57 -0000 Received: from 82-68-31-177.dsl.in-addr.zen.co.uk (HELO ?192.168.1.8?) (82.68.31.177) by protagoras.zen.co.uk with SMTP; 7 Jul 2003 20:22:56 -0000 X-Zen-Trace: 82.68.31.177 From: Stacey Roberts To: Frank Knobbe In-Reply-To: <1057605801.552.61.camel@localhost> References: <1057603959.349.193.camel@localhost> <1057605801.552.61.camel@localhost> Content-Type: text/plain Message-Id: <1057609379.349.213.camel@localhost> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.0 Date: 07 Jul 2003 20:23:00 +0000 Content-Transfer-Encoding: 7bit cc: FreeBSD Questions cc: freebsduk Subject: Re: Changed ISP now can't get to websites / traceroute X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: stacey@vickiandstacey.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2003 20:22:59 -0000 Hello Frank, On Mon, 2003-07-07 at 19:23, Frank Knobbe wrote: > On Mon, 2003-07-07 at 13:52, Stacey Roberts wrote: > > > 2] Does anyone know of any reason why traceroute might fail on FreeBSD, > > but work on Win2K Pro? > > Stacey, > > FreeBSD uses UDP based traceroute while Windows boxes use ICMP based > traceroute. Some providers (like ComCast cable) block ICMP packets (so > tracert on Windows fails), but let UDP packets through (which means that > BSD based traceroute succeeds). > Ahh.., that's got to be it.., I'll have a look at my ipfw ruleset and see if there's something can be tweaked.., For what its worth, here are the relevant statements that previously worked with my PIPEX adsl connection: $fwcmd add 00640 allow tcp from any to any out via $oif setup keep-state uid root $fwcmd add 00641 allow tcp from any to any in via $oif setup keep-state uid root $fwcmd add 00642 allow udp from me to any 33435-33500 out via $oif keep-state $fwcmd add 00643 allow icmp from any to me icmptype 3,11 in via $oif limit src-addr 2 # Allow out ping function $fwcmd add 00650 allow icmp from any to any out via $oif keep-state And here's all the icmp-related statements: $ grep -i icmp /etc/firewall/fwrules $fwcmd add 00643 allow icmp from any to me icmptype 3,11 in via $oif limit src-addr 2 $fwcmd add 00650 allow icmp from any to any out via $oif keep-state $fwcmd add 00860 deny log icmp from any to me icmptype 0,8 in via $oif $ These worked fine before.., Can't imagine why they wouldn't be okay now. Thanks again for the info, Frank.., That's another one of those things..., Regards, Stacey > HTH, > Frank -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com