Date: Sat, 6 Apr 2002 10:09:01 +0200 From: Barry Irwin <bvi@itouchlabs.com> To: freebsd-net@freebsd.org Subject: Packets lost when forwarding disabled Message-ID: <20020406100901.C62987@itouchlabs.com>
next in thread | raw e-mail | index | archive | help
Hi All After mucking around on a firewall problem on the other side of the world yesterday, the problem was that net.inet.ip.forwarding was set to off * the gateway_enable had been mangled in rc.conf). Packets were being received by the firewall kernel, and happily passed through the firewall ruleset as expected, they then dissapeared. I thought it would be useful to have a sysctl knob which would allow one to cause these packets to be logged. From a security pov it would be interesting to know if people are trying to use you as a gateway? Now for the real question, does somethign like this already exist, and am I going to be re-inventing the whell if I add it to the kernel. I s the another way of doing this? Thanks Barry -- Barry Irwin bvi@itouchlabs.com +27214875177 Systems Administrator: Networks And Security Itouch Labs http://www.itouchlabs.com South Africa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020406100901.C62987>