01.02.2012 11:36, Eric W. Bates пишет:
> Seems like a silly question; but how does one allow the packets 
> composing a gif tunnel thru ipfw?
> 
> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
> 
> $fwcmd add 00140 allow ipencap from $he_tun to me
> $fwcmd add 00141 allow ipencap from me to $he_tun
> 
> ($he_tun is an Hurricane Electric provider); but neither of them are 
> hit; so that's wrong...
> 
> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
> 
> doesn't show any packets either...

Try:

tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp

Perhaps, you gif is encrypted with ipsec? That changes ip protocol numbers.

Eugene Grosbein
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to