allowing gif thru ipfw

Doug Barton dougb at
Wed Feb 1 08:06:30 UTC 2012

If it's a hurricane electric tunnel don't you want protocol 41?

On 01/31/2012 22:55, Eugene Grosbein wrote:
> 01.02.2012 11:36, Eric W. Bates пишет:
>> Seems like a silly question; but how does one allow the packets 
>> composing a gif tunnel thru ipfw?
>> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
>> $fwcmd add 00140 allow ipencap from $he_tun to me
>> $fwcmd add 00141 allow ipencap from me to $he_tun
>> ($he_tun is an Hurricane Electric provider); but neither of them are 
>> hit; so that's wrong...
>> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
>> doesn't show any packets either...
> Try:
> tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp
> Perhaps, you gif is encrypted with ipsec? That changes ip protocol numbers.
> Eugene Grosbein
> _______________________________________________
> freebsd-net at mailing list
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at"


	It's always a long day; 86400 doesn't fit into a short.

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

More information about the freebsd-net mailing list