Date:      Mon, 21 Aug 2000 05:30:03 -0700 (PDT)
From:      Ruslan Ermilov <ru@sunbay.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/20714: errant firewall rule response
Message-ID:  <200008211230.FAA53598@freefall.freebsd.org>

The following reply was made to PR misc/20714; it has been noted by GNATS.

From: Ruslan Ermilov <ru@sunbay.com>
To: markm68k@yahoo.com
Cc: bug-followup@FreeBSD.org
Subject: Re: misc/20714: errant firewall rule response
Date: Mon, 21 Aug 2000 15:20:13 +0300

 On Sat, Aug 19, 2000 at 02:33:02AM -0700, markm68k@yahoo.com wrote:
 > 
 > FreeBSD myhost 4.1-RELEASE FreeBSD 4.1-RELEASE #7: Mon Aug 14 21:32:29 PDT 2000     me@myhost:/usr/src/sys/compile/MYHOST  i386
 > 
 > Setting up a firewall rule to send the icmp unreachable for a tcp connection
 > causes the icmp response that is sent to say that the firewall itself is
 > unreachable.
 > 
 > 1. install FreeBSD 4.1-RELEASE
 > 2. configure an "open" firewall
 > 3. configure a natd alias internal interface.
 > 3. add a "unreach host-prohib" rule (e.g. telnet)
 > 4. from a computer connected to the FreeBSD computer behind a natd
 > connection, try to connect to the unreachable host via tcp (e.g. telnet)
 > 5. watch the results from tcpdump.
 > 
 I cannot reproduce this.  Could you please send me (in private mail) the
 output of `ifconfig -a inet', `ipfw list', `grep natd_ /etc/rc.conf*' and
 `tcpdump' output?
 
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
 

