Date: Wed, 01 Feb 2012 00:06:28 -0800
From: Doug Barton <dougb@FreeBSD.org>
To: Eugene Grosbein <eugen@grosbein.pp.ru>
Cc: freebsd-net@freebsd.org
Subject: Re: allowing gif thru ipfw
Message-ID: <4F28F284.7070301@FreeBSD.org>
In-Reply-To: <4F28E1C7.4060209@grosbein.pp.ru>
References: <4F28C168.9010206@ericx.net> <4F28E1C7.4060209@grosbein.pp.ru>

If it's a hurricane electric tunnel don't you want protocol 41?

On 01/31/2012 22:55, Eugene Grosbein wrote:
> 01.02.2012 11:36, Eric W. Bates wrote:
>> Seems like a silly question; but how does one allow the packets
>> composing a gif tunnel thru ipfw?
>>
>> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
>>
>> $fwcmd add 00140 allow ipencap from $he_tun to me
>> $fwcmd add 00141 allow ipencap from me to $he_tun
>>
>> ($he_tun is a Hurricane Electric provider); but neither of them are
>> hit; so that's wrong...
>>
>> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
>>
>> doesn't show any packets either...
>
> Try:
>
> tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp
>
> Perhaps, your gif is encrypted with ipsec? That changes ip protocol numbers.
>
> Eugene Grosbein

-- 
It's always a long day; 86400 doesn't fit into a short.

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
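
The diagnostic step discussed in this thread, as an added example that is not part of any poster's message: it reads the protocol field of the outer IPv4 header for traffic exchanged with the tunnel peer, ignoring ICMP, TCP and UDP as the suggested tcpdump filter does, and prints matching rules in the style of the original post using the numeric protocol. The addresses, sample packets and all function names are constructed for illustration.

```python
import socket
import struct

def make_ipv4(src, dst, proto):
    """Build a constructed 20-byte IPv4 header (checksum 0; it is not inspected)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def outer_header(packet):
    """Return (src, dst, proto) of the outer IPv4 header, or None if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    if (packet[0] & 0x0F) * 4 < 20:          # IHL below the 20-byte minimum
        return None
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9])                        # byte 9 is the protocol field

def tunnel_protos(packets, peer):
    """Count IP protocols other than ICMP/TCP/UDP exchanged with the peer."""
    seen = {}
    for pkt in packets:
        hdr = outer_header(pkt)
        if hdr and peer in hdr[:2] and hdr[2] not in (1, 6, 17):
            seen[hdr[2]] = seen.get(hdr[2], 0) + 1
    return seen

def ipfw_rules(protos, first_rule=140):
    """Emit one in/out rule pair per observed protocol number."""
    rules = []
    for i, proto in enumerate(sorted(protos)):
        n = first_rule + 2 * i
        rules.append(f"$fwcmd add {n:05d} allow {proto} from $he_tun to me")
        rules.append(f"$fwcmd add {n + 1:05d} allow {proto} from me to $he_tun")
    return rules

# Constructed sample capture using documentation address ranges.
PEER, LOCAL, OTHER = "192.0.2.1", "198.51.100.7", "203.0.113.9"
SAMPLE = [
    make_ipv4(PEER, LOCAL, 41),    # IPv6-in-IPv4 from the tunnel peer
    make_ipv4(LOCAL, PEER, 41),    # IPv6-in-IPv4 to the tunnel peer
    make_ipv4(PEER, LOCAL, 41),
    make_ipv4(PEER, LOCAL, 1),     # ICMP from the peer: filtered out
    make_ipv4(OTHER, LOCAL, 41),   # protocol 41 from an unrelated host: ignored
    make_ipv4(OTHER, LOCAL, 6),    # unrelated TCP
    b"\x45\x00",                   # truncated packet: skipped
]

if __name__ == "__main__":
    found = tunnel_protos(SAMPLE, PEER)
    print(found)
    print("\n".join(ipfw_rules(found)))
```

If the count shows protocol 50 or 51 instead, the tunnel is wrapped in IPsec (ESP or AH), which is the case Eugene's reply raises.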