Date: Fri, 20 Nov 1998 13:57:40 -0700 From: Nate Williams <nate@mt.sri.com> To: "Shannon Wheeler" <swheeler@tnc.com> Cc: "FreeBSD isp" <freebsd-isp@FreeBSD.ORG> Subject: Re: ICMP firewall entry? Message-ID: <199811202057.NAA15805@mt.sri.com> In-Reply-To: <01be14c0$ebba8b20$0307070a@Shannon> References: <01be14c0$ebba8b20$0307070a@Shannon>
next in thread | previous in thread | raw e-mail | index | archive | help
> Something wrong with your subnet mask or you're using non-private IP > addresses internally. What internal IP addresses are you using and what > subnet masks? I'm not using any private IP addresses, and if my masks were wrong nothing would get through. Almost everything gets through, but only certain WWW sites don't work. If it were a simple configuratino issue I wouldn't have posted to the list. It may be an issue with my firewall and ICMP source routing, or it may be something else completely different. Nate > Shannon Wheeler > Data & Comm. Tech > Clearwater Welding & Fabricating Ltd > Fort McMurray, AB > > -----Original Message----- > From: Nate Williams <nate@mt.sri.com> > > > >David Greenman's recent comment about 'too-string a firewall for ICMP' > >in one of the lists got me thinking about some machines on my network. > > > >Currently, I have a 'home-network' of machines in each employees > >home, which has it's own dedicated subnet (4 machines, whee!). However, > >the machines connected to this subnet can not connect to every WWW > >server on the net, while the 'gateway' machines for each home have no > >such problems. > > > >Example: > > > >Internet <-> Firewall <-> Modem Server <-> Office machines > > ^ ^ ^ > > | | | > > v v v > > Home networks routers <-> Home machine 1 > > > > > >(home networks routers are multiple machines, each connecting to the > >modem server from a different house). > > > >All routing computers in this case are running FreeBSD, as well as the > >firewall and modem server. Note, all the office machines work fine, all > >of the home network routers work fine, but all of the home machines work > >'most of the time'. For example, I can't connect to www.intellicast.com > >from my box that I'm typing on now, but if I startup netscape on the > >router box next to it things work fine. > > > >Could this be related to ICMP? The 'router' boxes have two addresses, > >one is the 'office address' so it appears to be on the office network, > >but it also has a second address that is one the 'home subnet'. The > >only thing I can think is that somehow routing isn't working, but for > >about 80% of the sites on the WWW, everything works peachy? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811202057.NAA15805>