From owner-freebsd-questions@FreeBSD.ORG Thu Mar 29 18:28:53 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D722616A402 for ; Thu, 29 Mar 2007 18:28:53 +0000 (UTC) (envelope-from michael.grant@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.237]) by mx1.freebsd.org (Postfix) with ESMTP id 9218F13C44C for ; Thu, 29 Mar 2007 18:28:53 +0000 (UTC) (envelope-from michael.grant@gmail.com) Received: by wr-out-0506.google.com with SMTP id 70so326876wra for ; Thu, 29 Mar 2007 11:28:53 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Ito2QARvhSyFXaal79NBRWGZ9VlP+VPGpsC11/bB1qYbLiooSpodj1onuHeWCZQjx/9qIpTNePjb5Fo0YOjhc5YJjaIooMmTazoV/kwTg+KLhGL6G5QD2APJsGSXPiRXTageMegivgdSNpUICEjajE3nYPLpMfSQsCCo3XtJFLE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=LLFZB9DOa2WSk2CAhyDUbZd1y7HRuaBE3ibyHXKVVcg347YiS7hB3S7Dd9eYuCRf2gr4q48NiYMb+QhIK8gMhdBoQfkZMhm9iZ/VUAF2dq91jqj+5DzOstjZXLjfRBqD8lH0NwGdS+Axd+ENsu/5QbcYbhh7dnYXBxIvo18dnSw= Received: by 10.100.126.2 with SMTP id y2mr709918anc.1175192933017; Thu, 29 Mar 2007 11:28:53 -0700 (PDT) Received: by 10.100.110.6 with HTTP; Thu, 29 Mar 2007 11:28:52 -0700 (PDT) Message-ID: <62b856460703291128q134f0caaxf201cd87dbe8b1a9@mail.gmail.com> Date: Thu, 29 Mar 2007 20:28:52 +0200 From: "Michael Grant" Sender: michael.grant@gmail.com To: "Bill Moran" In-Reply-To: <20070329133404.8092bd13.wmoran@potentialtech.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <62b856460703291029m23a33b2dt1f2453f74bf6cf4a@mail.gmail.com> <20070329133404.8092bd13.wmoran@potentialtech.com> X-Google-Sender-Auth: d89d1a18dc6bda8e Cc: FreeBSD Questions Subject: Re: ping X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Mar 2007 18:28:53 -0000 I'm fairly sure the problem is not in ipf, something I've been running for years on other machines. If run ipmon, it shows me what's being blocked and by which rule. Pings are not being blocked by ipf. The relevent ipf rules are: block in log on em0 all head 100 pass in quick proto icmp from any to any keep frags group 100 block out on em0 all head 200 pass out quick proto icmp all keep state keep frags group 200 ipfw, which I didn't really intend on using but it seems to be enabled anyway, I have this: 10000 allow icmp from any to any icmptypes 8 out 10100 allow icmp from any to any icmptypes 0 in 10200 allow icmp from any to any icmptypes 11 in 65535 allow ip from any to any Is there an equivalent of ipmon for ipfw? Michael Grant Is there On 3/29/07, Bill Moran wrote: > In response to "Michael Grant" : > > > A while ago I installed 6.1 on a box. I noticed that I cannot ping > > this box even though I can log into it. The pings are arriving at the > > box because I can see them with tcp dump. They're not being blocked > > by ipf because nothing shows up in ipmon. I added rules specifically > > to allow icmp in ipfw, even though ipfw was wide open allowing > > everything in and out. My box still does not respond to pings. Is > > there something I need to do to manually enable pings on freebsd 6? > > There is nothing special that needs done for FreeBSD 6 to respond to > pings. > > Are you using IPFW or ipfilter? You seem to indicate that you're using > both, which would not be the best of ideas. Post your firewall rules > so list members can have a look. Are you sure the machine that is sending > pings is not firewalling off the ICMP responses? > > -- > Bill Moran > http://www.potentialtech.com > >