From owner-freebsd-questions@FreeBSD.ORG  Wed Nov  7 16:28:12 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B79DF16A58C
	for <freebsd-questions@freebsd.org>;
	Wed,  7 Nov 2007 16:28:12 +0000 (UTC)
	(envelope-from malcolm.clarke@brunel.ac.uk)
Received: from astro.systems.pipex.net (astro.systems.pipex.net [62.241.163.6])
	by mx1.freebsd.org (Postfix) with ESMTP id 823F213C49D
	for <freebsd-questions@freebsd.org>;
	Wed,  7 Nov 2007 16:28:12 +0000 (UTC)
	(envelope-from malcolm.clarke@brunel.ac.uk)
Received: from [192.168.0.101] (81-86-251-96.dsl.pipex.com [81.86.251.96])
	by astro.systems.pipex.net (Postfix) with ESMTP id B4F18E0007CB
	for <freebsd-questions@freebsd.org>;
	Wed,  7 Nov 2007 16:04:58 +0000 (GMT)
Message-ID: <4731E220.3050006@brunel.ac.uk>
Date: Wed, 07 Nov 2007 16:04:48 +0000
From: Malcolm Clarke <malcolm.clarke@brunel.ac.uk>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: IP packet with options
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2007 16:28:12 -0000

I have configured a machine with 2 NIC and IPFW in a rather simplistic 
way as we are using it to emulate different link characteristics rather 
than as an actual firewall.

00100 4 355 pipe 1 ip from any to any via de0 in
00200 1  56 pipe 2 ip from any to any via de0 out
00300 0   0 pipe 3 ip from any to any via de1 in
00400 3 288 pipe 4 ip from any to any via de1 out
65535 4 246 deny ip from any to 
any                                          

The configuration works fine and traffic crosses the firewall without 
problem, except ICMP packets having timestamp or routing option, and 
these are not returned.

Is there a way to allow these packets to enter/exit the firewall?

Regards

Malcolm

-- 
---------------------------------------------------
Dr Malcolm Clarke
Senior Lecturer in Data Communication Systems and Telemedicine
Department of Information Systems and Computing
Brunel University
Uxbridge
Middlesex
UB8 3PH
UK

Tel: +44 1895 265053
Fax: +44 1895 251686
http://www.brunel.ac.uk/about/acad/siscm/research/themes/is/groups/bright/people

----------------------------------------------------