Date: Thu, 29 Mar 2007 22:13:49 +0200 From: "Michael Grant" <mg-fbsd3@grant.org> To: "Steve Bertrand" <iaccounts@ibctech.ca> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: ping Message-ID: <62b856460703291313v31de4233vf77db0446af36047@mail.gmail.com> In-Reply-To: <460C0A77.9060901@ibctech.ca> References: <62b856460703291029m23a33b2dt1f2453f74bf6cf4a@mail.gmail.com> <20070329133404.8092bd13.wmoran@potentialtech.com> <62b856460703291128q134f0caaxf201cd87dbe8b1a9@mail.gmail.com> <460C0A77.9060901@ibctech.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/29/07, Steve Bertrand <iaccounts@ibctech.ca> wrote: > Michael Grant wrote: > > I'm fairly sure the problem is not in ipf, something I've been running > > for years on other machines. If run ipmon, it shows me what's being > > blocked and by which rule. Pings are not being blocked by ipf. > > > > The relevent ipf rules are: > > > > block in log on em0 all head 100 > > pass in quick proto icmp from any to any keep frags group 100 > > block out on em0 all head 200 > > pass out quick proto icmp all keep state keep frags group 200 > > > > ipfw, which I didn't really intend on using but it seems to be enabled > > anyway, I have this: > > > > 10000 allow icmp from any to any icmptypes 8 out > > 10100 allow icmp from any to any icmptypes 0 in > > 10200 allow icmp from any to any icmptypes 11 in > > 65535 allow ip from any to any > > > > Is there an equivalent of ipmon for ipfw? > > # ipfw show > > Also, during your tcpdump, did you see the icmp replies going back out, > or just coming in? I saw the pings arriving but no response. > Steve > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?62b856460703291313v31de4233vf77db0446af36047>