allowing gif thru ipfw
Doug Barton
dougb at FreeBSD.org
Wed Feb 1 08:06:30 UTC 2012
If it's a hurricane electric tunnel don't you want protocol 41?
On 01/31/2012 22:55, Eugene Grosbein wrote:
> 01.02.2012 11:36, Eric W. Bates пишет:
>> Seems like a silly question; but how does one allow the packets
>> composing a gif tunnel thru ipfw?
>>
>> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
>>
>> $fwcmd add 00140 allow ipencap from $he_tun to me
>> $fwcmd add 00141 allow ipencap from me to $he_tun
>>
>> ($he_tun is an Hurricane Electric provider); but neither of them are
>> hit; so that's wrong...
>>
>> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
>>
>> doesn't show any packets either...
>
> Try:
>
> tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp
>
> Perhaps, you gif is encrypted with ipsec? That changes ip protocol numbers.
>
> Eugene Grosbein
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
--
It's always a long day; 86400 doesn't fit into a short.
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the freebsd-net
mailing list