IPFW via command problem
Jaime
jaime at snowmoon.com
Sat Dec 13 23:23:37 PST 2003
On Sunday, December 14, 2003, at 01:49 AM, Ian Moore wrote:
> # Allow outgoing pings
> ${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
> ${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}
>
> where I have defined ${oif} as
> oif="xl1"
> where xl1 is my external interface
>
> The above lines don't allow pings to the outside world, but if I
> comment out
> via ${oif} then it does allow them.
I'd have to know more about your firewall to be certain, but it looks
kind of like you've over-looked the IFPW rules that would be needed by
your internal interface. If the external interface allows pings but
the internal doesn't, then it won't let pings pass through the box.
They will be stopped at the internal interface on their way from your
internal workstation to the firewall.
Hope that helps,
Jaime
More information about the freebsd-questions
mailing list