Date: Wed, 26 Sep 2001 23:19:35 -0700 From: "Chutima S." <chutima@onebox.com> To: freebsd-security@FreeBSD.ORG Cc: chutima@infoquest.co.th Subject: How to config IPFW for enable ping and traceroute Message-ID: <20010927061935.UUFZ16495.mta10.onebox.com@onebox.com>
next in thread | raw e-mail | index | archive | help
Hi I read from Firewall handbook as below: icmptypes types Matches if the ICMP type is present in the list types. The list may be specified as any combination of ranges and/or individual types separated by commas. Commonly used ICMP types are: 0 echo reply (ping reply), 3 destination unreachable, 5 redirect, 8 echo request (ping request), and 11 time exceeded (used to indicate TTL expiration as with traceroute(8)). So I config ipfw for icmp as following: ipfw add pass icmp from <internal> to any icmptypes 8 ipfw add pass icmp from any to <internal> icmptypes 0 ipfw add pass icmp from any to <internal> icmptypes 11 I can ping but I can not traceroute. Anything wrong with my config? Thanks Chutima S. -- Chutima S. chutima@onebox.com - email (202) 777-2646 x5475 - voicemail/fax __________________________________________________ FREE voicemail, email, and fax...all in one place. Sign Up Now! http://www.onebox.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010927061935.UUFZ16495.mta10.onebox.com>