Return-icmp doesn't work [Was: Re: Recent panics caused by pf]

Emanuel Strobl emanuel.strobl at gmx.net
Fri Mar 11 04:50:58 PST 2005


On Friday, 11 March 2005 13:10, Emanuel Strobl wrote:
> I'm on the firewall again and verified that block return works for tcp-rst,
> but not for return-icmp (with or without code), it seems packets just get
> dropped, regardless of which protocol (tested UDP, ICMP, TCP).

Sorry for the noise, it's my mistake, ping doesn't show me the error message. 
I think I can remember that the last time I created/tested a ruleset (with 
4.6) I got detailed error messages like
"telnet: connect to address 82.135.28.195: Destination Host Unreachable"
but now I just get 
"telnet: connect to address 82.135.28.195: Connection refused"
without the error report.

Is it possible that in former times these ICMP error messages were printed on 
the console, which the kernel no longer does?

>
> Then I have another problem which may be a design problem.
> I am multihomed and have several pass reply-to rules. So far things are
> working fine but block return doesn't! Of course, the return gets over the
> default route, so what I needed is a block return route-to or something
> like that.
> Do you know any detour how this could be achieved?

This problem is still unsolved :(

Thanks,

-Harry

>
> Thanks,
>
> -Harry
>
> > > Thanks,
> > >
> > >
> > > -Harry (P.S.: Emanuel and Harry are the same person (me); the gmx
> > > address is just a fake identity for mailing lists)
> >
> > okay ... you see us perplexed ;)