This is a discussion on Re: Problems with icmp and ipfilter. within the IPFilter forums, part of the System Security and Security Related category.
Scott Walker wrote:
> block in proto icmp all
> pass in quick on fxp0 proto icmp from any to any icmp-type echo
> pass in quick on fxp0 proto icmp from any to any icmp-type echorep
> pass in quick on xl0 proto icmp from any to any icmp-type echo
> pass in quick on xl0 proto icmp from any to any icmp-type echorep
> pass in quick on tun0 proto icmp from any to any icmp-type echo
> pass in quick on tun0 proto icmp from any to any icmp-type echorep
>
> Should the above rules allow me to ping across networks? The FW itself
> can ping all the hosts on both sides, but for example hosts strung off
> the tun0 VPN tunnel can't ping the FW, hosts on xl0 (internal lan) can't
> ping the FW or hosts on the VPN.
>
> Am I missing something? This seems pretty simple to do.

Do the tunneled packets appear as ICMP or raw IP?
What is the output of ipfstat -hio?

-Mike