Date:      Wed, 01 Feb 2012 13:55:03 +0700
From:      Eugene Grosbein <eugen@grosbein.pp.ru>
To:        "Eric W. Bates" <ericx@ericx.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: allowing gif thru ipfw
Message-ID:  <4F28E1C7.4060209@grosbein.pp.ru>
In-Reply-To: <4F28C168.9010206@ericx.net>


01.02.2012 11:36, Eric W. Bates wrote:
> Seems like a silly question; but how does one allow the packets 
> composing a gif tunnel thru ipfw?
> 
> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
> 
> $fwcmd add 00140 allow ipencap from $he_tun to me
> $fwcmd add 00141 allow ipencap from me to $he_tun
> 
> ($he_tun is a Hurricane Electric provider); but neither of them are 
> hit; so that's wrong...
> 
> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
> 
> doesn't show any packets either...

Try:

tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp

Perhaps your gif is encrypted with IPsec? That changes IP protocol numbers.

Eugene Grosbein
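
The check suggested in this reply (look at everything exchanged with the tunnel peer that is not TCP, UDP or ICMP, and read off the IP protocol number), as an added example that is not part of the original message. The function names and the documentation-range addresses standing in for `$he_tun` and `me` are assumptions, and the packets are constructed samples.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# IANA protocol numbers that matter when a tunnel rule is not being hit.
PROTO_NAMES = {1: "icmp", 4: "ipencap", 6: "tcp", 17: "udp",
               41: "ipv6", 50: "esp", 51: "ah"}
IGNORED = {1, 6, 17}  # mirrors "not tcp and not udp and not icmp"

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto) from a raw IPv4 header, or None if malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return None
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return IPv4Address(src), IPv4Address(dst), packet[9]

def tunnel_protocols(packets, peer):
    """Count non-TCP/UDP/ICMP protocols exchanged with the tunnel peer."""
    peer = IPv4Address(peer)
    seen = Counter()
    for raw in packets:
        parsed = parse_ipv4(raw)
        if parsed is None:
            continue  # truncated or non-IPv4 frame
        src, dst, proto = parsed
        if peer in (src, dst) and proto not in IGNORED:
            seen[PROTO_NAMES.get(proto, str(proto))] += 1
    return dict(seen)

def make_header(src, dst, proto):
    """Build a minimal 20-byte IPv4 header (checksum left 0) for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)

# Constructed capture: 192.0.2.1 stands in for $he_tun, 198.51.100.7 for "me".
PEER, ME = "192.0.2.1", "198.51.100.7"
SAMPLE = [
    make_header(PEER, ME, 41),           # IPv6 carried in IPv4
    make_header(ME, PEER, 41),
    make_header(PEER, ME, 1),            # ICMP, ignored like the filter does
    make_header("203.0.113.9", ME, 4),   # ipencap from an unrelated host
    make_header(PEER, ME, 50),           # ESP, as seen when IPsec wraps a tunnel
    b"\x45\x00",                         # truncated frame, skipped
]

if __name__ == "__main__":
    print(tunnel_protocols(SAMPLE, PEER))
```

Whatever protocol name the summary reports for the peer is the one the ipfw allow rules need to match.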

