Date: Tue, 3 Nov 1998 19:16:41 +1100 (EDT) From: Darren Reed <avalon@coombs.anu.edu.au> To: junkmale@xtra.co.nz Cc: freebsd-security@FreeBSD.ORG Subject: Re: IPFW problems... Message-ID: <199811030817.AAA04448@hub.freebsd.org> In-Reply-To: <199811022300.MAA19467@cyclops.xtra.co.nz> from "Dan Langille" at Nov 3, 98 12:00:24 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Dan Langille, sie said: > > On 1 Nov 98, at 22:02, Darren Reed wrote: > > > In some mail from Dan Langille, sie said: > > > > > > On 29 Oct 98, at 21:45, Darren Reed wrote: > > > > > > > traceroute/UDP was fixed on the weekend last, the pc (ICMP) version > > > > may not yet work. > > > > > > OK. Good! Can you guess when the other version will work? > > > > My testing shows "traceroute -I" to work properly with NAT. > > I'm not sure what "traceroute -I" does. I see no such option on > traceroute for FreeBSD 2.2.7. > > As for my traceroute problems, my mind is unclear. I admit that I didn't > take full notes. As such, I supply the following in the hopes that it may > trigger something when you read it. If it does not, then I will reinstall > IP Filter and get the full story. > > I'm using IP Filter 3.2.9 under FreeBSD 2.2.7 RELEASE. > > I believe I was able to traceroute when using NAT and without any deny > rules. When I tried to add in the example firewall rules (from > rules/BASIC_2.FW), I found that disabling the following rule allowed > traceroute to work: > > block in log quick all with short > > When this rule was present, traceroute did not work at all. Well, for whatever reason, I also appear to have licked this one in the most recent beta (3.2.10beta6) which I'm hoping to get out of beta RSN with as many of the niggling problems people are experiencing fixes as possible. I'm not sure why it should have been a problem, however, since that should (only) match tiny fragments. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811030817.AAA04448>