From owner-freebsd-bugs Mon Aug 21 5:30: 5 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9FA7337B42C
	for ; Mon, 21 Aug 2000 05:30:03 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id FAA53598;
	Mon, 21 Aug 2000 05:30:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Mon, 21 Aug 2000 05:30:03 -0700 (PDT)
Message-Id: <200008211230.FAA53598@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Ruslan Ermilov
Subject: Re: misc/20714: errant firewall rule response
Reply-To: Ruslan Ermilov
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR misc/20714; it has been noted by GNATS.

From: Ruslan Ermilov
To: markm68k@yahoo.com
Cc: bug-followup@FreeBSD.org
Subject: Re: misc/20714: errant firewall rule response
Date: Mon, 21 Aug 2000 15:20:13 +0300

On Sat, Aug 19, 2000 at 02:33:02AM -0700, markm68k@yahoo.com wrote:
>
> FreeBSD myhost 4.1-RELEASE FreeBSD 4.1-RELEASE #7: Mon Aug 14 21:32:29 PDT 2000 me@myhost:/usr/src/sys/compile/MYHOST i386
>
> Setting up a firewall rule to send the icmp unreachable for a tcp connection
> causes the icmp response that is sent to say that the firewall itself is
> unreachable.
>
> 1. install FreeBSD 4.1-RELEASE
> 2. configure an "open" firewall
> 3. configure a natd alias internal interface.
> 3. add a "unreach host-prohib" rule (e.g. telnet)
> 4. from a computer connected to the FreeBSD computer behind a natd
> connection, try to connect to the unreachable host via tcp (e.g. telnet)
> 5. watch the results from tcpdump.
>

I cannot reproduce this. Could you please send me (in private mail)
the output of `ifconfig -a inet', `ipfw list', `grep natd_ /etc/rc.conf*'
and `tcpdump' output?

-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age