Date: Fri, 7 Sep 2001 21:54:29 +0200 From: "Thibault Bautze" <rws_pd@gmx.de> To: <freebsd-net@freebsd.org> Subject: Re: nat problems Message-ID: <005c01c137d6$e7ea3720$817b7b7b@my.network.net>
next in thread | raw e-mail | index | archive | help
----- Original Message -----
> > I found that you cannot ping this sites, even if I'm sitting on the
firewall
> > or connectet with my
> > windows box directly to the internet.
> > Here is the result for a ping:
> >
> > # ping www.gmx.de
> > PING www.gmx.de (213.165.65.100): 56 data bytes
> > 36 bytes from 62.156.128.226: Communication prohibited by filter
> > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
> > 4 5 00 5400 00ff 0 0000 fa 01 8d4c 217.1.yy.xx 213.165.65.100
> > --- www.gmx.de ping statistics ---
> > 16 packets transmitted, 0 packets received, 100% packet loss
> >
> > 62.156.128.226 is in this case the other side of the ppp tunel, my ISP (
> > t-online,
> > Germany if it can help )
> >
> > But I'm not sure if it makes a difference, if you can ping them or not.
I
> > got
> > the same result with ping www.microsoft.com ( bad example, I know ; ) )
,
> > but I can open this site on my
> > freebsd or windows box.
>
> It makes a difference because the firewall is blocking ICMP which is used
> to allow the maximum packet size negotiation.
>
Even if I use IPFIREWALL_DEFAULT_TO_ACCEPT ?
I'm just configuring the router, the firewall funtions comes later.
Thanks for your advices,
Thibault Bautze
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005c01c137d6$e7ea3720$817b7b7b>