From owner-freebsd-security  Fri Apr  5  5:38:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from hitit.bimel.com.tr (hitit.bimel.com.tr [212.175.97.140])
	by hub.freebsd.org (Postfix) with ESMTP id EB4C337B41F
	for <freebsd-security@freebsd.org>; Fri,  5 Apr 2002 05:38:36 -0800 (PST)
Received: (from root@localhost)
	by hitit.bimel.com.tr (8.11.6/8.11.6) id g35DiIs03367;
	Fri, 5 Apr 2002 16:44:19 +0300 (EEST)
	(envelope-from simsek@bimel.com.tr)
Received: from localhost (simsek@localhost)
	by hitit.bimel.com.tr (8.11.6/8.11.6av) with ESMTP id g35Di9R03341;
	Fri, 5 Apr 2002 16:44:13 +0300 (EEST)
	(envelope-from simsek@bimel.com.tr)
X-Authentication-Warning: hitit.bimel.com.tr: simsek owned process doing -bs
Date: Fri, 5 Apr 2002 16:44:08 +0300 (EEST)
From: Baris Simsek <simsek@bimel.com.tr>
To: ozkan_kirik <ozkan_kirik@yahoo.com>
Cc: <freebsd-security@freebsd.org>
Subject: Re: Ping problem!
In-Reply-To: <a8jkld+pdum@eGroups.com>
Message-ID: <20020405164130.G2867-100000@hitit.bimel.com.tr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

	default kernel option is rejecting every packet. you have to add
rule to accept which packets you want. Add this rule to test it:

	ipfw add 10000 allow all from any to any

>-------------------------------------------------------------------<
 Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245
                          http://acikkod.org/

On Fri, 5 Apr 2002, ozkan_kirik wrote:

> after i built my kernel, i couldnt ping to anywhere even router, & i
> couldnt ping to my firewall.
>
> what the problem can be?
>
> the options on kernel are:
>
> IPFIREWALL
> IPDIVERT
> IPFIREWALL_FORWARD
> IPFIREWALL_VERBOSE
> IPFIREWALL_VERBOSE_LIMIT=100
> IPFIREWALL_DEFAULT_TO_ACCEPT
> IPFILTER
> IPFILTER_LOG
> TCPDEBUG
> TCP_DROP_SYNFIN
> DUMMYNET
> IPSTEALTH
> BRIDGE
>
>
> my rc.conf:
>
> ...
> ...
> ...
> inetd_enable="YES"
> ipv6_enable="YES"
> kern_securelevel="2"
> kern_securelevel_enable="YES"
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf -FA -f"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="-E"
> ipmon_enable="YES"
> ipmon_program="/sbin/ipmon"
> ipmonflags="-Ds"
> ipfirewall_enable="YES"
>
>
>
> what can i do?
> by now thx 4 yr help. :)
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message