From owner-freebsd-isp Fri Nov 20 12:04:48 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA10013 for freebsd-isp-outgoing; Fri, 20 Nov 1998 12:04:48 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from tnc.com (tnc.com [139.142.36.161]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA10008 for ; Fri, 20 Nov 1998 12:04:47 -0800 (PST) (envelope-from swheeler@tnc.com) Received: from Shannon (fort8.tnc.com [139.142.38.151]) by tnc.com (8.8.5/8.8.2) with SMTP id NAA02834 for ; Fri, 20 Nov 1998 13:04:06 -0700 (MST) From: "Shannon Wheeler" To: "FreeBSD isp" Subject: Re: ICMP firewall entry? Date: Fri, 20 Nov 1998 13:04:03 -0700 Message-ID: <01be14c0$ebba8b20$0307070a@Shannon> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Something wrong with your subnet mask or you're using non-private IP addresses internally. What internal IP addresses are you using and what subnet masks? *The opinions expressed herein are my own and are not necessarily representative of the policies or opinions of my employer.* Shannon Wheeler Data & Comm. Tech Clearwater Welding & Fabricating Ltd Fort McMurray, AB -----Original Message----- From: Nate Williams >David Greenman's recent comment about 'too-string a firewall for ICMP' >in one of the lists got me thinking about some machines on my network. > >Currently, I have a 'home-network' of machines in each employees >home, which has it's own dedicated subnet (4 machines, whee!). However, >the machines connected to this subnet can not connect to every WWW >server on the net, while the 'gateway' machines for each home have no >such problems. > >Example: > >Internet <-> Firewall <-> Modem Server <-> Office machines > ^ ^ ^ > | | | > v v v > Home networks routers <-> Home machine 1 > > >(home networks routers are multiple machines, each connecting to the >modem server from a different house). > >All routing computers in this case are running FreeBSD, as well as the >firewall and modem server. Note, all the office machines work fine, all >of the home network routers work fine, but all of the home machines work >'most of the time'. For example, I can't connect to www.intellicast.com >from my box that I'm typing on now, but if I startup netscape on the >router box next to it things work fine. > >Could this be related to ICMP? The 'router' boxes have two addresses, >one is the 'office address' so it appears to be on the office network, >but it also has a second address that is one the 'home subnet'. The >only thing I can think is that somehow routing isn't working, but for >about 80% of the sites on the WWW, everything works peachy? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message