From owner-freebsd-questions  Tue Jun 18  1:52:26 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.litech.net (mail.litech.net [193.232.65.38])
	by hub.freebsd.org (Postfix) with ESMTP id 51EC637B406
	for <freebsd-questions@freebsd.org>; Tue, 18 Jun 2002 01:52:19 -0700 (PDT)
Received: from ah.litech.net (ah.litech.net [193.232.65.1])
	by mail.litech.net (Postfix) with ESMTP id 049F83F7A
	for <freebsd-questions@freebsd.org>; Tue, 18 Jun 2002 11:52:13 +0300 (EET DST)
	(envelope-from mike@LITech.lviv.ua)
Date: Tue, 18 Jun 2002 11:52:12 +0300 (EEST)
From: Mike Futerko <mike@LITech.lviv.ua>
X-X-Sender: mike@ah.litech.net
To: freebsd-questions@freebsd.org
Subject: Re: ipfw + gif
In-Reply-To: <20020617202233.X3574-100000@ah.litech.net>
Message-ID: <20020618114913.Q10256-100000@ah.litech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi,

Note that it is only when I'm using IPsec between
194.xxx.xxx.210 and 213.xxx.xxx.50

Could someone give me suggestions how to fix this?

Regards,
Mike.


> Hello list,
>
> I have a problem with firewalling packets on gif interfaces.
> I'm using gif for building tunnels, ipfw doesn't see incoming packets that came
> on gif interface.
>
> Is it bug or feature? :)
>
> My configuration:
>
> > ifconfig gif2
> gif2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
>         tunnel inet 194.xxx.xxx.210 --> 213.xxx.xxx.50
>         inet 10.1.10.4 --> 10.1.11.4 netmask 0xffffffff
>
> > ipfw l 5 6
> 00005 allow log ip from any to 10.1.11.4
> 00006 allow log ip from 10.1.11.4 to any
>
> When I ping remote side:
> > ping 10.1.11.4
> PING 10.1.11.4 (10.1.11.4): 56 data bytes
> 64 bytes from 10.1.11.4: icmp_seq=0 ttl=64 time=53.578 ms
>
> I can see only outgoing packets in my log and don't see incoming:
> > tail -f /var/log/security
>
> Jun 17 20:29:17 brama /kernel: ipfw: 5 Accept ICMP:8.0 10.1.10.4 10.1.11.4 out
> via gif2
> Jun 17 20:29:21 brama last message repeated 4 times
>
> The same behavior with other gif interfaces.
>
> Regards,
> Mike
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message