Date: Mon, 17 Jun 2002 20:32:15 +0300 (EEST) From: Mike Futerko <mike@LITech.lviv.ua> To: freebsd-questions@freebsd.org Subject: ipfw + gif Message-ID: <20020617202233.X3574-100000@ah.litech.net>
next in thread | raw e-mail | index | archive | help
Hello list,
I have a problem with firewalling packets on gif interfaces.
I'm using gif for building tunnels, ipfw doesn't see incoming packets that came
on gif interface.
Is it bug or feature? :)
My configuration:
> ifconfig gif2
gif2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 194.44.240.210 --> 213.xxx.xxx.50
inet 10.1.10.4 --> 10.1.11.4 netmask 0xffffffff
> ipfw l 5 6
00005 allow log ip from any to 10.1.11.4
00006 allow log ip from 10.1.11.4 to any
When I ping remote side:
> ping 10.1.11.4
PING 10.1.11.4 (10.1.11.4): 56 data bytes
64 bytes from 10.1.11.4: icmp_seq=0 ttl=64 time=53.578 ms
I can see only outgoing packets in my log and don't see incoming:
> tail -f /var/log/security
Jun 17 20:29:17 brama /kernel: ipfw: 5 Accept ICMP:8.0 10.1.10.4 10.1.11.4 out
via gif2
Jun 17 20:29:21 brama last message repeated 4 times
The same behavior with other gif interfaces.
Regards,
Mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020617202233.X3574-100000>