Date: Fri, 20 Nov 1998 09:50:56 -0700 From: Nate Williams <nate@mt.sri.com> To: freebsd-isp@FreeBSD.ORG Subject: ICMP firewall entry? Message-ID: <199811201650.JAA14515@mt.sri.com>
next in thread | raw e-mail | index | archive | help
David Greenman's recent comment about 'too-string a firewall for ICMP'
in one of the lists got me thinking about some machines on my network.
Currently, I have a 'home-network' of machines in each employees
home, which has it's own dedicated subnet (4 machines, whee!). However,
the machines connected to this subnet can not connect to every WWW
server on the net, while the 'gateway' machines for each home have no
such problems.
Example:
Internet <-> Firewall <-> Modem Server <-> Office machines
^ ^ ^
| | |
v v v
Home networks routers <-> Home machine 1
(home networks routers are multiple machines, each connecting to the
modem server from a different house).
All routing computers in this case are running FreeBSD, as well as the
firewall and modem server. Note, all the office machines work fine, all
of the home network routers work fine, but all of the home machines work
'most of the time'. For example, I can't connect to www.intellicast.com
from my box that I'm typing on now, but if I startup netscape on the
router box next to it things work fine.
Could this be related to ICMP? The 'router' boxes have two addresses,
one is the 'office address' so it appears to be on the office network,
but it also has a second address that is one the 'home subnet'. The
only thing I can think is that somehow routing isn't working, but for
about 80% of the sites on the WWW, everything works peachy?
How would I go about debugging this?
Thanks!
Nate
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811201650.JAA14515>