01.02.2012 11:36, Eric W. Bates пишет: > Seems like a silly question; but how does one allow the packets > composing a gif tunnel thru ipfw? > > I assumed a gif was made up of ipencap (IP proto 4) packets and added rules: > > $fwcmd add 00140 allow ipencap from $he_tun to me > $fwcmd add 00141 allow ipencap from me to $he_tun > > ($he_tun is an Hurricane Electric provider); but neither of them are > hit; so that's wrong... > > tcpdump -i em_vlan5 -nnvvs0 ip proto 4 > > doesn't show any packets either...
Try: tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp Perhaps, you gif is encrypted with ipsec? That changes ip protocol numbers. Eugene Grosbein _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"