From owner-freebsd-security Tue Nov 3 00:17:07 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id AAA04461
    for freebsd-security-outgoing; Tue, 3 Nov 1998 00:17:07 -0800 (PST)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.224.24])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA04448
    for ; Tue, 3 Nov 1998 00:17:04 -0800 (PST)
    (envelope-from avalon@coombs.anu.edu.au)
Message-Id: <199811030817.AAA04448@hub.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA263881001;
    Tue, 3 Nov 1998 19:16:41 +1100
From: Darren Reed
Subject: Re: IPFW problems...
To: junkmale@xtra.co.nz
Date: Tue, 3 Nov 1998 19:16:41 +1100 (EDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <199811022300.MAA19467@cyclops.xtra.co.nz> from "Dan Langille" at Nov 3, 98 12:00:24 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Dan Langille, sie said:
>
> On 1 Nov 98, at 22:02, Darren Reed wrote:
>
> > In some mail from Dan Langille, sie said:
> > >
> > > On 29 Oct 98, at 21:45, Darren Reed wrote:
> > >
> > > > traceroute/UDP was fixed on the weekend last, the pc (ICMP) version
> > > > may not yet work.
> > >
> > > OK. Good! Can you guess when the other version will work?
> >
> > My testing shows "traceroute -I" to work properly with NAT.
>
> I'm not sure what "traceroute -I" does. I see no such option on
> traceroute for FreeBSD 2.2.7.
>
> As for my traceroute problems, my mind is unclear. I admit that I didn't
> take full notes. As such, I supply the following in the hopes that it may
> trigger something when you read it. If it does not, then I will reinstall
> IP Filter and get the full story.
>
> I'm using IP Filter 3.2.9 under FreeBSD 2.2.7 RELEASE.
>
> I believe I was able to traceroute when using NAT and without any deny
> rules. When I tried to add in the example firewall rules (from
> rules/BASIC_2.FW), I found that disabling the following rule allowed
> traceroute to work:
>
> block in log quick all with short
>
> When this rule was present, traceroute did not work at all.

Well, for whatever reason, I also appear to have licked this one in the
most recent beta (3.2.10beta6) which I'm hoping to get out of beta RSN
with as many of the niggling problems people are experiencing fixed as
possible. I'm not sure why it should have been a problem, however, since
that should (only) match tiny fragments.

Darren