Date:      Wed, 01 Feb 2012 13:55:03 +0700
From:      Eugene Grosbein <eugen@grosbein.pp.ru>
To:        "Eric W. Bates" <ericx@ericx.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: allowing gif thru ipfw
Message-ID:  <4F28E1C7.4060209@grosbein.pp.ru>
In-Reply-To: <4F28C168.9010206@ericx.net>
References:  <4F28C168.9010206@ericx.net>

01.02.2012 11:36, Eric W. Bates wrote:
> Seems like a silly question; but how does one allow the packets 
> composing a gif tunnel thru ipfw?
> 
> I assumed a gif was made up of ipencap (IP proto 4) packets and added rules:
> 
> $fwcmd add 00140 allow ipencap from $he_tun to me
> $fwcmd add 00141 allow ipencap from me to $he_tun
> 
> ($he_tun is a Hurricane Electric provider); but neither of them is 
> hit; so that's wrong...
> 
> tcpdump -i em_vlan5 -nnvvs0 ip proto 4
> 
> doesn't show any packets either...

Try:

tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp

Perhaps your gif is encrypted with ipsec? That changes ip protocol numbers.

Eugene Grosbein
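
The filter suggested above, as an added example that is not part of the original message: it applies the same exclusions (not TCP, UDP or ICMP) to raw IPv4 headers exchanged with the tunnel peer and names whatever protocol remains, which is the protocol the ipfw rule has to match. The addresses and sample packets are constructed, and the function names are hypothetical; the protocol numbers are the IANA assignments.

```python
import socket
import struct
from collections import Counter

# IANA protocol numbers relevant to tunnels; 4 is the "ipencap" from the thread.
PROTO_NAMES = {1: "icmp", 4: "ipencap", 6: "tcp", 17: "udp",
               41: "ipv6", 47: "gre", 50: "esp", 51: "ah"}
IGNORED = {1, 6, 17}  # same exclusions as "not tcp and not udp and not icmp"


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto) from a raw IPv4 header, or None if malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, proto = packet[0], packet[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return None
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), proto


def tunnel_protocols(packets, peer: str) -> Counter:
    """Count IP protocols to or from peer, skipping TCP, UDP and ICMP."""
    seen = Counter()
    for pkt in packets:
        hdr = parse_ipv4(pkt)
        if hdr is None:
            continue  # truncated or non-IPv4 data
        src, dst, proto = hdr
        if peer in (src, dst) and proto not in IGNORED:
            seen[PROTO_NAMES.get(proto, f"proto-{proto}")] += 1
    return seen


def make_header(src: str, dst: str, proto: int) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


# Constructed sample traffic; 192.0.2.1 stands in for $he_tun, 198.51.100.7 for "me".
PEER, ME = "192.0.2.1", "198.51.100.7"
SAMPLE = [make_header(PEER, ME, 41), make_header(ME, PEER, 41),
          make_header(PEER, ME, 1), make_header("203.0.113.9", ME, 4),
          make_header(ME, PEER, 50), b"\x45\x00"]

if __name__ == "__main__":
    for name, count in tunnel_protocols(SAMPLE, PEER).most_common():
        print(f"{name}: {count} packet(s)")
```
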


