Date: Sun, 14 Dec 2003 02:23:29 -0500 From: Jaime <jaime@snowmoon.com> To: Ian Moore <imoore@picknowl.com.au> Cc: freebsd-questions@FreeBSD.org Subject: Re: IPFW via command problem Message-ID: <6A78C498-2E06-11D8-AD0A-000393193538@snowmoon.com> In-Reply-To: <200312141719.26819.imoore@picknowl.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday, December 14, 2003, at 01:49 AM, Ian Moore wrote:
> # Allow outgoing pings
> ${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
> ${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}
>
> where I have defined ${oif} as
> oif="xl1"
> where xl1 is my external interface
>
> The above lines don't allow pings to the outside world, but if I
> comment out
> via ${oif} then it does allow them.
I'd have to know more about your firewall to be certain, but it looks
kind of like you've over-looked the IFPW rules that would be needed by
your internal interface. If the external interface allows pings but
the internal doesn't, then it won't let pings pass through the box.
They will be stopped at the internal interface on their way from your
internal workstation to the firewall.
Hope that helps,
Jaime
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6A78C498-2E06-11D8-AD0A-000393193538>