Date: Wed, 26 Sep 2001 23:19:35 -0700
Subject: How to config IPFW for enable ping and traceroute
From: "Chutima S."
To: freebsd-security@FreeBSD.ORG
Cc: chutima@infoquest.co.th

Hi,

I read the following in the Firewall handbook:

    icmptypes types
    Matches if the ICMP type is present in the list types. The list may
    be specified as any combination of ranges and/or individual types
    separated by commas. Commonly used ICMP types are: 0 echo reply
    (ping reply), 3 destination unreachable, 5 redirect, 8 echo request
    (ping request), and 11 time exceeded (used to indicate TTL
    expiration as with traceroute(8)).

So I configured ipfw for icmp as follows:

    ipfw add pass icmp from to any icmptypes 8
    ipfw add pass icmp from any to icmptypes 0
    ipfw add pass icmp from any to icmptypes 11

I can ping but I cannot traceroute. Is anything wrong with my config?

Thanks
Chutima S.

-- 
Chutima S.
chutima@onebox.com - email
(202) 777-2646 x5475 - voicemail/fax
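Added example (not part of the original message): a small Python model that runs the three posted rules, first match wins, over the packets that a ping and a default UDP-based traceroute(8) generate. Assumptions: 192.0.2.10 stands in for the host address elided in the post, the router and target addresses are constructed, no other rules are loaded, and unmatched packets hit a default deny.

```python
import ipaddress

HOST = "192.0.2.10"  # constructed placeholder; the post's own address is elided
ROUTER, TARGET = "198.51.100.1", "203.0.113.5"  # constructed hop and destination

# (action, proto, src, dst, icmptypes) in the order the rules were posted.
RULES = [
    ("pass", "icmp", HOST, "any", {8}),
    ("pass", "icmp", "any", HOST, {0}),
    ("pass", "icmp", "any", HOST, {11}),
]

def addr_ok(pattern, addr):
    """True if the rule address is 'any' or equals the packet address."""
    return pattern == "any" or ipaddress.ip_address(pattern) == ipaddress.ip_address(addr)

def verdict(pkt, rules=RULES, default="deny"):
    """Return the action of the first matching rule, else the assumed default."""
    for action, proto, src, dst, types in rules:
        if (pkt["proto"] == proto and addr_ok(src, pkt["src"])
                and addr_ok(dst, pkt["dst"]) and pkt.get("icmptype") in types):
            return action
    return default

# Constructed packets. traceroute(8) sends UDP probes by default; each hop
# answers with ICMP 11 and the destination with ICMP 3 (port unreachable).
FLOWS = {
    "ping: echo request out": dict(proto="icmp", src=HOST, dst=TARGET, icmptype=8),
    "ping: echo reply in": dict(proto="icmp", src=TARGET, dst=HOST, icmptype=0),
    "traceroute: UDP probe out": dict(proto="udp", src=HOST, dst=TARGET),
    "traceroute: time exceeded in": dict(proto="icmp", src=ROUTER, dst=HOST, icmptype=11),
    "traceroute: dest unreachable in": dict(proto="icmp", src=TARGET, dst=HOST, icmptype=3),
}

def report(rules=RULES):
    """Map each constructed packet to the verdict the rule list gives it."""
    return {name: verdict(pkt, rules) for name, pkt in FLOWS.items()}

if __name__ == "__main__":
    for name, action in report().items():
        print(f"{action:5} {name}")
```

Under these assumptions both ping packets and the type 11 replies pass, while the outbound UDP probes and the final type 3 reply match none of the three rules and fall through to the default.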