From owner-freebsd-security@FreeBSD.ORG Mon Sep 29 23:09:27 2003
Message-ID: <009201c38729$085430d0$0d00a8c0@amkdrives.bg>
From: "Nikolay Kanchev"
To: "echelon"
References: <20030930032735.73176.qmail@web41204.mail.yahoo.com>
Date: Tue, 30 Sep 2003 09:01:13 +0100
Subject: Re: IPFILTER_DEFAULT_BLOCK & No route to host

You should enable the ICMP protocol to your server from wherever you want:
the LAN or outside. The ICMP protocol is used by the ping utility. When you
add IPFILTER_DEFAULT_BLOCK, your firewall stops everything that is not
allowed, including ICMP packets, and you can't ping the server.

----- Original Message -----
From: "echelon"
Sent: Tuesday, September 30, 2003 4:27 AM
Subject: IPFILTER_DEFAULT_BLOCK & No route to host

> Hi,
>
> After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on
> FreeBSD 4.8 stable (cvsup'd with tag RELENG_4_8), the machine cannot be
> ping'd by others on the same network.
>
> In addition, the machine cannot ping itself.
>
> ping localhost (or 127.0.0.1) -> no route to host
> ping itself with its own ip address -> no route to host
>
> The freebsd box, with an external pppoe connection, is configured as a
> gateway with nat. Interestingly, all machines on the lan can access the
> internet via the freebsd box normally even though the freebsd box cannot
> be ping'd from these machines.
>
> The routing table is fine. All these problems go away if I remove the
> option IPFILTER_DEFAULT_BLOCK from the kernel conf. I make clean before
> buildworld/kernel.
>
> Thank you.
> e_chelon
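
The advice in the reply above, written out as an ipf ruleset. This is an added example, not part of either poster's message; the interface names (xl0 for the LAN, tun0 for the PPPoE link), the LAN subnet 192.168.0.0/24 and the file path are assumptions.

```conf
# /etc/ipf.rules (assumed path) for a kernel built with
# "options IPFILTER_DEFAULT_BLOCK".
# Assumed names, not taken from the thread: LAN interface xl0,
# LAN subnet 192.168.0.0/24, PPPoE interface tun0.
# These rules only address the ping symptoms; whatever rules already
# carry the NAT'd LAN traffic stay in place.

# Loopback is filtered like any other interface, so with a default of
# "block" even ping 127.0.0.1 fails until lo0 is passed explicitly.
# Traffic to the box's own addresses is also routed over lo0.
pass in  quick on lo0 all
pass out quick on lo0 all

# Let the gateway itself send echo requests; keep state admits the
# matching echo replies without a separate inbound rule.
pass out quick on xl0  proto icmp from any to any icmp-type echo keep state
pass out quick on tun0 proto icmp from any to any icmp-type echo keep state

# Let LAN hosts ping the gateway (and, through it, hosts beyond it).
pass in quick on xl0 proto icmp from 192.168.0.0/24 to any icmp-type echo keep state

# No inbound echo rule on tun0: pings from outside fall through to the
# compiled-in default (block). Add one there only if outside hosts
# should be able to ping the gateway.

# Reload:            ipf -Fa -f /etc/ipf.rules
# Check hit counts:  ipfstat -hio
```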