From owner-freebsd-hackers Fri Mar 12 19:50:56 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from atl1.america.net (atl1.america.net [199.170.121.2]) by hub.freebsd.org (Postfix) with ESMTP id 7E54E14CCE for ; Fri, 12 Mar 1999 19:50:49 -0800 (PST) (envelope-from pritchet@bigfoot.com)
Received: from fury (tnt1-41.america.net [206.67.248.41]) by atl1.america.net (8.9.1/8.9.1) with SMTP id WAA01032; Fri, 12 Mar 1999 22:50:27 -0500 (EST)
Message-Id: <3.0.5.32.19990312225026.007dac70@mindspring.com>
X-Sender: pritchett@mindspring.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Fri, 12 Mar 1999 22:50:26 -0500
To: Doug White
From: Ron Pritchett
Subject: Re: Will IPFW pass GRE packets?
Cc: hackers@FreeBSD.ORG
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 04:33 PM 99/03/12 -0800, Doug White wrote:
>hello ...
>
>I wanted to check if IPFW will pass GRE packets in a standard config from
>3.0. I'm trying to use the patched natd to translate PPTP packets and
>natd isn't seeing them (from what I can tell). Is there anything special
>I should do to make sure IP proto 47 packets are getting in and out?
>
>Thanks for any hints...

Have you tried adding a "log" to your deny all statement and then running natd from the console with -v? This is what I had to do when debugging PC Anywhere traffic:

1) Make a kernel with the IPFIREWALL_VERBOSE stuff, install, reboot the box.
2) Look through the process table and kill -15 natd. Run it manually with the -v option: 'natd -v -n vr0 -f /etc/natd.conf' in my case.
3) Alt-F2 to another screen. Then add a statement like 'ipfw add 64000 deny log ip from any to any' (maybe a 'deny 47' would be needed instead of 'deny ip'???)
4) Watch the fun ensue!

I hope this was helpful.

---
Ron++
Atlanta, GA
"This message has been digitally remastered and letterboxed to 16:9 format for your viewing pleasure."
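Once the logging deny rule from the message above is in place, the question becomes whether GRE is among what it drops. The following is an added example, not part of the original message: it tallies the packets a given rule denied, per protocol and direction. The log line layout (including unnamed protocols printed as "P:<number>"), the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise what a logging deny rule dropped, per protocol.
# ASSUMPTION: kernel log lines look like
#   "<timestamp> <host> /kernel: ipfw: <rule> Deny <proto> <src> <dst> <in|out> via <if>"
# where protocols without a name are printed as "P:<number>" (GRE = P:47).

# Constructed sample log, not captured from a real system.
sample_log() {
cat <<'EOF'
Mar 12 22:41:07 gw /kernel: ipfw: 64000 Deny P:47 192.0.2.10 10.0.0.5 in via vr0
Mar 12 22:41:07 gw /kernel: ipfw: 64000 Deny TCP 198.51.100.7:4312 10.0.0.5:139 in via vr0
Mar 12 22:41:08 gw /kernel: ipfw: 64000 Deny P:47 192.0.2.10 10.0.0.5 in via vr0
Mar 12 22:41:09 gw /kernel: ipfw: 2000 Deny UDP 198.51.100.7:137 10.0.0.5:137 in via vr0
Mar 12 22:41:10 gw /kernel: ipfw: 64000 Deny P:47 10.0.0.5 192.0.2.10 out via vr0
Mar 12 22:41:11 gw natd[214]: unrelated daemon message
EOF
}

# denied_by_proto RULE: read a log on stdin, print "<count> <proto> <direction>"
# for packets dropped by rule number RULE, most frequent first.
denied_by_proto() {
    awk -v rule="$1" '
        {
            # Locate the "ipfw:" token so the syslog prefix length does not matter.
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
            if (i > NF || $(i+1) != rule || $(i+2) != "Deny") next
            proto = $(i+3); dir = $(i+6)
            if (proto == "P:47") proto = "GRE"   # IP protocol 47
            n[proto " " dir]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# gre_denied RULE: number of GRE packets dropped by rule RULE (stdin = log).
gre_denied() {
    denied_by_proto "$1" | awk '$2 == "GRE" { s += $1 } END { print s + 0 }'
}

sample_log | denied_by_proto 64000
```

A non-zero GRE count against the catch-all rule means the packets are being dropped by the firewall before any earlier rule accepts or diverts them.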