Date:      Wed, 05 Jan 2000 13:20:09 -0600
From:      Kevin Weiss <kweiss@jump.net>
To:        -DAL- <dylanal@earthlink.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ping and "simple" firewall conflict with internal IP's
Message-ID:  <4.1.20000105131943.00927dc0@pop.jump.net>
In-Reply-To: <20000105082658.A3375@cbl-dylanal.hs.earthlink.net>
References:  <4.1.20000104192010.00929100@pop.jump.net> <4.1.20000104192010.00929100@pop.jump.net>

Thanks, that did it.

At 08:26 AM 1/5/00 -0800, you wrote:
>On Tue, Jan 04, 2000 at 07:30:51PM -0600, Kevin Weiss wrote:
>> I just added the following ipfw command to my "simple" firewall:
>> 	$fwcmd add pass icmp from any to any
>> 
>> I can't ping out until I comment out:
>> 	$fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
>> 	$fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
>> 
>> My internal hosts are using the 192.168.x.x addresses, but is there 
>> a way to allow the ping command while denying any external hosts
>> with the 192.168.x.x addresses?
>> 
>> Thanks in advance,
>> 
>> Kevin Weiss
>> kweiss@jump.net
>> 
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
>
>Kevin, when you added the:
>
>>       $fwcmd add pass icmp from any to any
>
>command, did you add it before the deny commands?  The code will go
>through the rule list until it finds the first match, so if the deny
>lines come before the icmp pass command, it will match the deny line
>first and never get to the icmp pass command.  The solution: just ensure
>the icmp command comes first so the icmp packets will match the icmp
>line, get passed through, and never see the deny lines.
>
>It might help if you sent us the output of an ipfw list.
>
>					HTH -DAL-
>
>-- 
>-DAL-
>dylanal@NOSPAMearthlink.net
>
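
The first-match behaviour described in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of the three quoted rules, evaluated in both orders. The interface name `oif0`, the sample packets and the closed default are assumptions; the model also shows that once the broad `pass icmp from any to any` rule comes first, ICMP with a 192.168.x.x source on the outside interface is passed too.

```python
import ipaddress
from collections import namedtuple

# Simplified model of an ipfw rule: action, protocol, source net, dest net, interface.
Rule = namedtuple("Rule", "action proto src dst via")
Packet = namedtuple("Packet", "proto src dst iface")

ANY = ipaddress.ip_network("0.0.0.0/0")
PRIV = ipaddress.ip_network("192.168.0.0/16")  # 192.168.0.0:255.255.0.0
OIF = "oif0"                                   # stand-in for ${oif} (constructed name)

PASS_ICMP = Rule("pass", "icmp", ANY, ANY, None)  # pass icmp from any to any
DENY_SRC = Rule("deny", "all", PRIV, ANY, OIF)    # deny all from 192.168/16 to any via oif
DENY_DST = Rule("deny", "all", ANY, PRIV, OIF)    # deny all from any to 192.168/16 via oif

def matches(rule, pkt):
    """True when protocol, both addresses and the interface all fit the rule."""
    return (rule.proto in ("all", pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and rule.via in (None, pkt.iface))

def evaluate(ruleset, pkt, default="deny"):
    """Return the action of the first matching rule; later rules are never consulted."""
    for rule in ruleset:
        if matches(rule, pkt):
            return rule.action
    return default  # assumption: closed firewall, nothing matched means deny

# Constructed sample packets (203.0.113.0/24 is a documentation range).
SAMPLES = {
    "ping out": Packet("icmp", "192.168.1.10", "203.0.113.5", OIF),
    "spoofed icmp": Packet("icmp", "192.168.7.7", "203.0.113.1", OIF),
    "spoofed tcp": Packet("tcp", "192.168.7.7", "203.0.113.1", OIF),
}
ORDERS = {
    "deny first": [DENY_SRC, DENY_DST, PASS_ICMP],
    "pass first": [PASS_ICMP, DENY_SRC, DENY_DST],
}

def report():
    """Verdict for every sample packet under each rule ordering."""
    return {order: {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}
            for order, rules in ORDERS.items()}

if __name__ == "__main__":
    for order, verdicts in report().items():
        print(order, verdicts)
```

Scoping the pass rule more narrowly than `from any to any` keeps the anti-spoofing deny rules effective for ICMP as well.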


