Date:      Fri, 11 Mar 2005 13:50:47 +0100
From:      Emanuel Strobl <emanuel.strobl@gmx.net>
To:        freebsd-stable@freebsd.org
Cc:        pf@freebsd.org
Subject:   Re: Return-icmp doesn't work [Was: Re: Recent panics caused by pf]
Message-ID:  <200503111350.52724@harrymail>
In-Reply-To: <200503111311.03343@harrymail>
References:  <20050212061756.GF4769@kt-is.co.kr> <200502211924.10327.max@love2party.net> <200503111311.03343@harrymail>


On Friday, 11 March 2005 13:10, Emanuel Strobl wrote:
> I'm on the firewall again and verified that block return works for tcp-rst,
> but not for return-icmp (with or without code), it seems packets just get
> dropped, regardless of which protocol (tested UDP, ICMP, TCP).

Sorry for the noise, it's my mistake, ping doesn't show me the error message.
I think I can remember that the last time I created/tested a ruleset (with
4.6) I got detailed error messages like
"telnet: connect to address 82.135.28.195: Destination Host Unreachable"
but now I just get
"telnet: connect to address 82.135.28.195: Connection refused"
without the error report.

Is it possible that in former times these ICMP error messages were printed on
the console which now the kernel doesn't anymore?

>
> Then I have another problem which may be a design problem.
> I am multihomed and have several pass reply-to rules. So far things are
> working fine but block return doesn't! Of course, the return gets over the
> default route, so what I needed is a block return route-to or something
> like that.
> Do you know any detour how this could be achieved?

This problem is still unsolved :(

Thanks,

-Harry

>
> Thanks,
>
> -Harry
>
> > > Thanks,
> > >
> > >
> > > -Harry (P.S.: Emanuel and Harry are the same persons (me) the gmx
> > > address is just a fake identity for mailing lists)
> >
> > okay ... you see us perplexed ;)
