From owner-freebsd-security Fri Apr 5 10:37:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from sudz.ns3g.com (CPE0080c6f29e4f.cpe.net.cable.rogers.com [24.43.67.29]) by hub.freebsd.org (Postfix) with ESMTP id 4F9C537B416 for ; Fri, 5 Apr 2002 10:37:38 -0800 (PST) Received: from COOLER (CPE00e029860b4d.cpe.net.cable.rogers.com [24.42.29.172]) by sudz.ns3g.com (8.11.6/8.11.6) with SMTP id g35Ihcr36893; Fri, 5 Apr 2002 13:43:42 -0500 (EST) (envelope-from sudz@ns3g.com) Reply-To: From: "Colin Legendre" To: "Baris Simsek" , "ozkan_kirik" Cc: Subject: RE: Ping problem! Date: Fri, 5 Apr 2002 13:41:44 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20020405164130.G2867-100000@hitit.bimel.com.tr> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Nope that is wrong, look at the message, he has default to accept set. Colin Legendre CCNP, MCP sudz@ns3g.com http://www.ns3g.com -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baris Simsek Sent: Friday, April 05, 2002 8:44 AM To: ozkan_kirik Cc: freebsd-security@FreeBSD.ORG Subject: Re: Ping problem! default kernel option is rejecting every packet. you have to add rule to accept which packets you want. Add this rule to test it: ipfw add 10000 allow all from any to any >-------------------------------------------------------------------< Baris Simsek - UNIX Sys. Adm. - Bimel Elektronik - (+90312) 4342245 http://acikkod.org/ On Fri, 5 Apr 2002, ozkan_kirik wrote: > after i built my kernel, i couldnt ping to anywhere even router, & i > couldnt ping to my firewall. > > what the problem can be? > > the options on kernel are: > > IPFIREWALL > IPDIVERT > IPFIREWALL_FORWARD > IPFIREWALL_VERBOSE > IPFIREWALL_VERBOSE_LIMIT=100 > IPFIREWALL_DEFAULT_TO_ACCEPT > IPFILTER > IPFILTER_LOG > TCPDEBUG > TCP_DROP_SYNFIN > DUMMYNET > IPSTEALTH > BRIDGE > > > my rc.conf: > > ... > ... > ... > inetd_enable="YES" > ipv6_enable="YES" > kern_securelevel="2" > kern_securelevel_enable="YES" > ipfilter_enable="YES" > ipfilter_program="/sbin/ipf -FA -f" > ipfilter_rules="/etc/ipf.rules" > ipfilter_flags="-E" > ipmon_enable="YES" > ipmon_program="/sbin/ipmon" > ipmonflags="-Ds" > ipfirewall_enable="YES" > > > > what can i do? > by now thx 4 yr help. :) > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message