On 3/29/07, Steve Bertrand <[EMAIL PROTECTED]> wrote:
Michael Grant wrote:
> I'm fairly sure the problem is not in ipf, something I've been running
> for years on other machines. If run ipmon, it shows me what's being
> blocked and by which rule. Pings are not being blocked by ipf.
>
> The relevent ipf rules are:
>
> block in log on em0 all head 100
> pass in quick proto icmp from any to any keep frags group 100
> block out on em0 all head 200
> pass out quick proto icmp all keep state keep frags group 200
>
> ipfw, which I didn't really intend on using but it seems to be enabled
> anyway, I have this:
>
> 10000 allow icmp from any to any icmptypes 8 out
> 10100 allow icmp from any to any icmptypes 0 in
> 10200 allow icmp from any to any icmptypes 11 in
> 65535 allow ip from any to any
>
> Is there an equivalent of ipmon for ipfw?
# ipfw show
Also, during your tcpdump, did you see the icmp replies going back out,
or just coming in?
I saw the pings arriving but no response.
Steve
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
