Date: Fri, 12 Mar 1999 22:50:26 -0500 From: Ron Pritchett <pritchet@bigfoot.com> To: Doug White <dwhite@resnet.uoregon.edu> Cc: hackers@FreeBSD.ORG Subject: Re: Will IPFW pass GRE packets? Message-ID: <3.0.5.32.19990312225026.007dac70@mindspring.com> In-Reply-To: <Pine.BSF.4.03.9903121617560.12940-100000@resnet.uoregon.ed u>
next in thread | previous in thread | raw e-mail | index | archive | help
At 04:33 PM 99/03/12 -0800, Doug White wrote: >hello ... > >I wanted to check if IPFW will pass GRE packets in a standard config from >3.0. I'm trying to use the patched natd to translate PPTP packets and >natd isn't seeing them (from what I can tell). Is there anything special >I should do to make sure IP proto 47 packets are getting in and out? > >Thanks for any hints... Have you tried adding a "log" to your deny all statement and then run natd from the console with -v? This is what I had to do when debugging PC Anywhere traffic: 1) Make a kernal with the IPFIREWALL_VERBOSE stuff, install, reboot the box. 2) look thru the process table and kill -15 natd. Run it manually with the -v option 'natd -v -n vr0 -f /etc/natd.conf' in my case. 3) Alt-F2 to another screen. then add a statement like 'ipfw add 64000 deny ip log from any to any' (maybe a 'deny 47' would be needed instead of 'deny ip'???) 4) watch the fun ensue! I hope this was helpful. --- Ron++ Atlanta, GA "This message has been digitally remastered and letterboxed to 16:9 format for your viewing pleasure." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.19990312225026.007dac70>