mg-fbsd3 at grant.org
Thu Mar 29 18:28:53 UTC 2007
I'm fairly sure the problem is not in ipf, something I've been running
for years on other machines. If run ipmon, it shows me what's being
blocked and by which rule. Pings are not being blocked by ipf.
The relevent ipf rules are:
block in log on em0 all head 100
pass in quick proto icmp from any to any keep frags group 100
block out on em0 all head 200
pass out quick proto icmp all keep state keep frags group 200
ipfw, which I didn't really intend on using but it seems to be enabled
anyway, I have this:
10000 allow icmp from any to any icmptypes 8 out
10100 allow icmp from any to any icmptypes 0 in
10200 allow icmp from any to any icmptypes 11 in
65535 allow ip from any to any
Is there an equivalent of ipmon for ipfw?
On 3/29/07, Bill Moran <wmoran at potentialtech.com> wrote:
> In response to "Michael Grant" <mg-fbsd3 at grant.org>:
> > A while ago I installed 6.1 on a box. I noticed that I cannot ping
> > this box even though I can log into it. The pings are arriving at the
> > box because I can see them with tcp dump. They're not being blocked
> > by ipf because nothing shows up in ipmon. I added rules specifically
> > to allow icmp in ipfw, even though ipfw was wide open allowing
> > everything in and out. My box still does not respond to pings. Is
> > there something I need to do to manually enable pings on freebsd 6?
> There is nothing special that needs done for FreeBSD 6 to respond to
> Are you using IPFW or ipfilter? You seem to indicate that you're using
> both, which would not be the best of ideas. Post your firewall rules
> so list members can have a look. Are you sure the machine that is sending
> pings is not firewalling off the ICMP responses?
> Bill Moran
More information about the freebsd-questions