Date: Fri, 20 Nov 1998 14:42:45 -0800
From: Renaud Waldura <rwaldura@LIGOS.COM>
To: "'Nate Williams'" <nate@mt.sri.com>, Shannon Wheeler <swheeler@tnc.com>
Cc: FreeBSD isp <freebsd-isp@FreeBSD.ORG>
Subject: RE: ICMP firewall entry?
Message-ID: <9141909996F1D011B8FF00A0C95A661B24B791@server.ligos.com>

Have you thought of Path MTU discovery being broken because of ICMP filtering?

Check this out: http://www.worldgate.com/~marcs/mtu/

--Renaud

> -----Original Message-----
> From: Nate Williams [SMTP:nate@mt.sri.com]
> Sent: Friday, November 20, 1998 12:58 PM
> To: Shannon Wheeler
> Cc: FreeBSD isp
> Subject: Re: ICMP firewall entry?
>
> > Something wrong with your subnet mask or you're using non-private IP
> > addresses internally. What internal IP addresses are you using and what
> > subnet masks?
>
> I'm not using any private IP addresses, and if my masks were wrong
> nothing would get through. Almost everything gets through, but only
> certain WWW sites don't work.
>
> If it were a simple configuration issue I wouldn't have posted to the
> list. It may be an issue with my firewall and ICMP source routing, or
> it may be something else completely different.
>
> Nate
>
> > Shannon Wheeler
> > Data & Comm. Tech
> > Clearwater Welding & Fabricating Ltd
> > Fort McMurray, AB
> >
> > -----Original Message-----
> > From: Nate Williams <nate@mt.sri.com>
> >
> > >David Greenman's recent comment about 'too-string a firewall for ICMP'
> > >in one of the lists got me thinking about some machines on my network.
> > >
> > >Currently, I have a 'home-network' of machines in each employee's
> > >home, which has its own dedicated subnet (4 machines, whee!). However,
> > >the machines connected to this subnet can not connect to every WWW
> > >server on the net, while the 'gateway' machines for each home have no
> > >such problems.
> > >
> > >Example:
> > >
> > >Internet <-> Firewall <-> Modem Server <-> Office machines
> > >               ^  ^  ^
> > >               |  |  |
> > >               v  v  v
> > >        Home networks routers <-> Home machine 1
> > >
> > >(home networks routers are multiple machines, each connecting to the
> > >modem server from a different house).
> > >
> > >All routing computers in this case are running FreeBSD, as well as the
> > >firewall and modem server. Note, all the office machines work fine, all
> > >of the home network routers work fine, but all of the home machines work
> > >'most of the time'. For example, I can't connect to www.intellicast.com
> > >from my box that I'm typing on now, but if I startup netscape on the
> > >router box next to it things work fine.
> > >
> > >Could this be related to ICMP? The 'router' boxes have two addresses,
> > >one is the 'office address' so it appears to be on the office network,
> > >but it also has a second address that is on the 'home subnet'. The
> > >only thing I can think is that somehow routing isn't working, but for
> > >about 80% of the sites on the WWW, everything works peachy?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
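
Added example, not part of the original thread or of any poster's code: a small Python simulation of the failure mode the reply above points to, where a filter that drops ICMP type 3 code 4 ("fragmentation needed", RFC 1191 layout) prevents a sender from learning a smaller path MTU. The link MTUs (1500 and 576), the function names and the two filter policies are assumptions made for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, quoted: bytes = bytes(28)) -> bytes:
    """Constructed ICMP type 3 code 4 message in the RFC 1191 layout."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse_icmp(msg: bytes):
    """Return (type, code, next_hop_mtu); MTU is None unless type 3 code 4."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("truncated or corrupt ICMP message")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    return icmp_type, code, (mtu if (icmp_type, code) == (3, 4) else None)

def allow_unreachable(msg: bytes) -> bool:
    """Hypothetical filter policy: pass ICMP destination unreachable (type 3)."""
    return parse_icmp(msg)[0] == 3

def drop_all_icmp(msg: bytes) -> bool:
    """Hypothetical filter policy: drop every ICMP message."""
    return False

def send_with_df(size: int, link_mtus, icmp_filter):
    """Simulate a sender using PMTUD (DF set) across links with the given MTUs."""
    while True:
        bottleneck = next((m for m in link_mtus if m < size), None)
        if bottleneck is None:
            return "delivered", size
        reply = build_frag_needed(bottleneck)  # router's error back to the sender
        if not icmp_filter(reply):
            return "blackhole", size  # sender never learns the smaller MTU
        size = parse_icmp(reply)[2]  # sender lowers its path MTU estimate

if __name__ == "__main__":
    path = [1500, 576]  # constructed link MTUs, not taken from the thread
    for policy in (allow_unreachable, drop_all_icmp):
        for size in (400, 1500):
            print(policy.__name__, size, send_with_df(size, path, policy))
```

Packets that already fit the smallest link are delivered under either policy, so a filter of this kind only shows up on transfers that send full-size segments.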