From owner-freebsd-net Mon Mar 18 17:36: 5 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87]) by hub.freebsd.org (Postfix) with ESMTP id 9C60A37B416 for ; Mon, 18 Mar 2002 17:36:01 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc54.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020319013600.GIET1214.rwcrmhc54.attbi.com@blossom.cjclark.org>; Tue, 19 Mar 2002 01:36:00 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2J1a0R61418; Mon, 18 Mar 2002 17:36:00 -0800 (PST) (envelope-from cjc) Date: Mon, 18 Mar 2002 17:35:56 -0800 From: "Crist J. Clark" To: Peter Brezny Cc: freebsd-net@FreeBSD.ORG Subject: Re: icmp 5 Message-ID: <20020318173556.D60554@blossom.cjclark.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from pbrezny@purplecat.net on Mon, Mar 18, 2002 at 02:33:34PM -0500 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Mar 18, 2002 at 02:33:34PM -0500, Peter Brezny wrote: > Hi Everyone, > > Where can i find an explanation of the different icmp types. > > I ran across some standard firewall rulesets that say these types are > required: > # Allow required ICMP > $fwcmd add allow icmp from any to any icmptypes 3,4,11,12 keep-state > > And now I've got a cisco router that's wanting a response from an icmp type > 5. > > What is type 5 for, and where can i get some more info on the different > types in an icmp packet. > > Well, I just partly answered my question with a quick google search for icmp > type > > http://www.iana.org/assignments/icmp-parameters > > > However, I'm still needing some more info. Why would my router be sending > redirect ICMP info to this host? Go to the source. RFC 792. > And are the required ICMP types in the firewall rule above really adequate? They are definately not inadequate in the sense that they are not permissive enough. People can do Really Bad Things with redirect messages. > Here's what's showing up in the system report: > > ipfw: 65435 Deny ICMP:5.0 router.ip.address host.ip.adress in via xl0 Run, # tcpdump -nvv -ixl0 'icmp' To see what packets are generating the redirects. You may wish to change your routing accordingly. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message