From owner-freebsd-questions@FreeBSD.ORG  Tue Nov  6 22:41:44 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 21D3216A418
	for <freebsd-questions@freebsd.org>;
	Tue,  6 Nov 2007 22:41:44 +0000 (UTC)
	(envelope-from malcolm.clarke@brunel.ac.uk)
Received: from astro.systems.pipex.net (astro.systems.pipex.net [62.241.163.6])
	by mx1.freebsd.org (Postfix) with ESMTP id E0A4D13C4B2
	for <freebsd-questions@freebsd.org>;
	Tue,  6 Nov 2007 22:41:43 +0000 (UTC)
	(envelope-from malcolm.clarke@brunel.ac.uk)
Received: from [192.168.0.101] (81-86-251-96.dsl.pipex.com [81.86.251.96])
	by astro.systems.pipex.net (Postfix) with ESMTP id 79737E0009B1
	for <freebsd-questions@freebsd.org>;
	Tue,  6 Nov 2007 22:10:58 +0000 (GMT)
Message-ID: <4730E659.4020303@brunel.ac.uk>
Date: Tue, 06 Nov 2007 22:10:33 +0000
From: Malcolm Clarke <malcolm.clarke@brunel.ac.uk>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: IPFW and ICMP with timestamp option
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2007 22:41:44 -0000

I have configured a machine with 2 NIC and IPFW in a rather simplistic 
way as we are using it to emulate different link characteristics rather 
than as an actual firewall.

00100 4 355 pipe 1 ip from any to any via de0 
in                              
00200 1  56 pipe 2 ip from any to any via de0 
out                             
00300 0   0 pipe 3 ip from any to any via de1 
in                              
00400 3 288 pipe 4 ip from any to any via de1 
out                             
65535 4 246 deny ip from any to 
any                                           

The configuration works fine and traffic crosses the firewall without 
problem, except ICMP packets having timestamp or routing option, and 
these are not returned.

Is there a way to allow these packets to enter/exit the firewall?

Regards

Malcolm

-- 
---------------------------------------------------
Dr Malcolm Clarke
Senior Lecturer in Data Communication Systems and Telemedicine
Department of Information Systems and Computing
Brunel University
Uxbridge
Middlesex
UB8 3PH
UK

Tel: +44 1895 265053
Fax: +44 1895 251686
http://www.brunel.ac.uk/about/acad/siscm/research/themes/is/groups/bright/people

----------------------------------------------------