Date: Thu, 20 Sep 2001 14:39:44 -0700
From: rick norman
Subject: Re: ipfw
To: cjclark@alum.mit.edu
Cc: Paul Herman, freebsd-questions@freebsd.org

The only other rule in the list is the last, which is
"65535 allow ip from any to any". The sysctl var one_pass is set to one,
though I tried it both ways. I understood the one_pass=1 to interject the
pkt back into ip after the pipe so that it would get sent back. If I do an
ipfw flush, the pkt is returned with no problem.
ipfw list yields the following:

    00100 pipe 1 icmp from any to any
    65535 allow ip from any to any

I figured out my delete problem; I was referencing the pipe number instead
of the rule number.

"Crist J. Clark" wrote:

> On Thu, Sep 20, 2001 at 01:53:16PM -0700, rick norman wrote:
> > No, it seems to have no effect.
> >
> > Paul Herman wrote:
> >
> > > On Tue, 18 Sep 2001, rick norman wrote:
> > >
> > > > I am attempting to use ipfw and dummynet to instrument some network
> > > > traffic tests. I am running freebsd 4.3 release and have built the
> > > > kernel with ipfirewall, dummynet, and default to enabled. For a
> > > > simple test, I added a pipe "ipfw add pipe 1 icmp from any to any".
> > > > When I ping this machine, I can do "ipfw pipe 1 show" and watch the
> > > > counters increment, but the machine doing the pinging does not see
> > > > a response to the ping.
> > >
> > > Does "sysctl net.inet.ip.fw.one_pass=0" help?
>
> Actually, I think Paul may have meant,
>
>   # sysctl -w net.inet.ip.fw.one_pass=1
>
> Or else you need a rule after the 'pipe' rule to actually pass the
> ICMP. When you do a,
>
>   # ipfw show
>
> While pinging, are other rules incrementing? Where do these ICMP
> packets end up going in the firewall rules?
> --
> Crist J. Clark cjclark@alum.mit.edu

--
Logically speaking, logic is not the answer.
Rick Norman rick.norman@lmco.com 408 742 1619