Date: Fri, 5 Apr 2002 13:10:53 +0200
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To: "Krzysztof Zaraska" <kzaraska@student.uci.agh.edu.pl>
Cc: freebsd-security@freebsd.org
Subject: Re: Ping problem!
Message-ID: <20020405131053.442ecc01.kzaraska@student.uci.agh.edu.pl>
In-Reply-To: <20020405125944.10c361c8.kzaraska@student.uci.agh.edu.pl>
References: <a8jkld%2Bpdum@eGroups.com> <20020405125944.10c361c8.kzaraska@student.uci.agh.edu.pl>

On Fri, 5 Apr 2002 12:59:44 +0200
Krzysztof Zaraska wrote:

> On Fri, 05 Apr 2002 07:44:45 -0000 ozkan_kirik wrote:
>
> > after I built my kernel, I couldn't ping to anywhere even router, & I
> > couldn't ping to my firewall.
>
> I don't quite understand you... Usually the firewall should be set up the
> way allowing you to ping outside host, but the external world should not
> be able to ping you.
>
> > what the problem can be?
> >
> > the options on kernel are:
> >
> > IPFIREWALL
> > IPDIVERT
> > IPFIREWALL_FORWARD
> > IPFIREWALL_VERBOSE
> > IPFIREWALL_VERBOSE_LIMIT=100
> > IPFIREWALL_DEFAULT_TO_ACCEPT
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> This will let through any traffic not explicitly denied.
>
> Standard recommended setup is 'default to deny'.
>
> > IPFILTER
> > IPFILTER_LOG
>
> Are you sure you want to run both ipf and ipfw at the same time?

Oops, missed previous thread on the subject. Sorry. It _makes_ sense.

Did you try looking at counters for each firewall rule and/or your logs
while pinging? You may have a misconfigured ruleset, ending up in dropping
packets that should be let through. Just a guess.

-- 
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem
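
The counter check suggested in the message above, as an added example that is not part of the original e-mail: it compares two saved `ipfw -a list` snapshots and reports which discarding rules gained packets while pinging. The function names and the sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example. Compares two saved `ipfw -a list` snapshots (rule number,
# packet count, byte count, rule text) taken before and after a ping.

# ipfw_delta BEFORE AFTER: print "<rule> +<packets> <rule text>" for every
# rule whose packet counter grew between the snapshots.
ipfw_delta() {
    awk '
        # Strip "number packets bytes" and return the rule text.
        function body(line) {
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", line)
            return line
        }
        # Key on number plus text: ipfw allows several rules per number.
        FILENAME == ARGV[1] { seen[$1 SUBSEP body($0)] = $2; next }
        {
            text = body($0)
            delta = $2 - seen[$1 SUBSEP text]   # unseen rules count from 0
            if (delta > 0) printf "%s +%d %s\n", $1, delta, text
        }
    ' "$1" "$2"
}

# ipfw_dropping BEFORE AFTER: only the moving rules that discard packets.
ipfw_dropping() {
    ipfw_delta "$1" "$2" | awk '$3 ~ /^(deny|drop|reject|unreach|reset)$/'
}

# Constructed sample snapshots (not taken from the original thread).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
00100   40   3360 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300   12   1008 deny log icmp from any to any
00400  250  21000 allow tcp from any to any
65535  900  75600 allow ip from any to any
EOF
cat > "$tmp/after" <<'EOF'
00100   40   3360 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300   16   1344 deny log icmp from any to any
00400  257  21588 allow tcp from any to any
65535  900  75600 allow ip from any to any
EOF

ipfw_dropping "$tmp/before" "$tmp/after"
```

On the host itself the two snapshots would come from running `ipfw -a list` before and after the ping; ipf keeps its own per-rule hit counts, shown by `ipfstat -hio`.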