From owner-freebsd-net@FreeBSD.ORG Sun Aug 15 20:20:10 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32D9916A4CE for ; Sun, 15 Aug 2004 20:20:10 +0000 (GMT)
Received: from arthur.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93713440F7 for ; Sun, 15 Aug 2004 20:20:08 +0000 (GMT) (envelope-from simon@arthur.nitro.dk)
Received: by arthur.nitro.dk (Postfix, from userid 3000) id 4243311959; Sun, 15 Aug 2004 22:20:07 +0200 (CEST)
Date: Sun, 15 Aug 2004 22:20:07 +0200
From: "Simon L. Nielsen"
To: Colin Alston
Message-ID: <20040815202006.GI684@arthur.nitro.dk>
References: <4a1299a404081414287a9ecbc@mail.gmail.com> <20040815104243.GA43915@shellma.zin.lublin.pl> <4a1299a4040815113178caa332@mail.gmail.com> <411FBF4D.9090706@karnaugh.za.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"
In-Reply-To: <411FBF4D.9090706@karnaugh.za.net>
User-Agent: Mutt/1.5.6i
cc: Fargo Holiday
cc: freebsd-net@freebsd.org
Subject: Re: [FreeBSD 5.2] Bandwith and packet throttling
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Sun, 15 Aug 2004 20:20:10 -0000

On 2004.08.15 21:53:49 +0200, Colin Alston wrote:
> 
> >Thanks for the reply. The ICMP was more experiment than anything, I've
> >since removed it.
> >Here are the results of the show commands:
> >
> >cramster# ipfw show
> >00050 14819576 8458459132 divert 8668 ip from any to any via dc0
> >00100 250 32470 allow ip from any to any via lo0
> >00200 0 0 deny ip from any to 127.0.0.0/8
> >00300 0 0 deny ip from 127.0.0.0/8 to any
> >65000 44478701 31835950367 allow ip from any to any
> >65100 0 0 pipe 1 ip from 10.0.0.8 to any
> >65200 0 0 pipe 2 ip from any to 10.0.0.8
> >65535 0 0 deny ip from any to any
> 
> I think you're clearly being a bit silly here.
> Remove rules 00200 and 00300 (I don't know why on this green earth you'd
> deny loopback)

Eh, that's not silly at all; that's the default firewall rules from a
stock /etc/rc.firewall on FreeBSD. Note rule 100 which allows loopback
traffic. Rule 200/300 just makes sure nobody tries to spoof loopback
traffic from a real network interface.

[simon@arthur:~] sudo ipfw list | head -n 3
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any

-- 
Simon L. Nielsen
FreeBSD Documentation Team
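An added example, not part of the thread: a small Python checker that parses the `ipfw show` output quoted above. It confirms the loopback anti-spoof rules (200/300) sit before the first catch-all rule, and flags every rule after rule 65000 `allow ip from any to any` as unreachable, which is why the two pipe rules and the final deny show zero packets. It assumes ipfw's first-match evaluation, where an unconditional allow or deny terminates processing; the rule text is taken verbatim from the thread.

```python
import re

# The original poster's `ipfw show` output, copied from the thread.
IPFW_SHOW = """\
00050 14819576 8458459132 divert 8668 ip from any to any via dc0
00100 250 32470 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 44478701 31835950367 allow ip from any to any
65100 0 0 pipe 1 ip from 10.0.0.8 to any
65200 0 0 pipe 2 ip from any to 10.0.0.8
65535 0 0 deny ip from any to any
"""

# rule-number, packet count, byte count, action, optional numeric argument
# (divert port / pipe number), then the match body.
RULE_RE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)(?:\s+(\d+))?\s+(.*)$")

# Assumption: an allow/deny with this exact body matches every packet and,
# under first-match semantics, ends evaluation for it.
CATCH_ALL = "ip from any to any"

def parse_rules(text):
    """Parse `ipfw show` lines into dicts (num, pkts, bytes, action, arg, body)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a rule
        num, pkts, nbytes, action, arg, body = m.groups()
        rules.append({"num": int(num), "pkts": int(pkts), "bytes": int(nbytes),
                      "action": action, "arg": arg, "body": body})
    return rules

def shadowed_rules(rules):
    """Rule numbers that can never match because an earlier unconditional
    allow/deny already decided the fate of every packet."""
    for i, r in enumerate(rules):
        if r["action"] in ("allow", "deny") and r["body"] == CATCH_ALL:
            return [s["num"] for s in rules[i + 1:]]
    return []

def loopback_antispoof_ok(rules):
    """True when deny rules for 127.0.0.0/8 in both directions appear before
    the first catch-all, i.e. the stock rc.firewall protection is effective."""
    want = {"ip from any to 127.0.0.0/8", "ip from 127.0.0.0/8 to any"}
    seen = set()
    for r in rules:
        if r["action"] == "deny" and r["body"] in want:
            seen.add(r["body"])
        if r["action"] in ("allow", "deny") and r["body"] == CATCH_ALL:
            break  # nothing after this point is reachable
    return seen == want
```

Moving the pipe rules above rule 65000 (or deleting the catch-all allow) would make them reachable; the checker then returns an empty shadowed list.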