allowing gif thru ipfw
Eugene Grosbein
eugen at grosbein.pp.ru
Wed Feb 1 06:55:32 UTC 2012
01.02.2012 11:36, Eric W. Bates пишет:
> Seems like a silly question; but how does one allow the packets
> composing a gif tunnel thru ipfw?
>
> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
>
> $fwcmd add 00140 allow ipencap from $he_tun to me
> $fwcmd add 00141 allow ipencap from me to $he_tun
>
> ($he_tun is an Hurricane Electric provider); but neither of them are
> hit; so that's wrong...
>
> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
>
> doesn't show any packets either...
Try:
tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp
Perhaps, you gif is encrypted with ipsec? That changes ip protocol numbers.
Eugene Grosbein
More information about the freebsd-net
mailing list