Date: Wed, 9 Oct 2002 14:36:35 -0300 (ART)
From: Fernando Gleiser
To: TheGlenMann
Cc: freebsd-questions@freebsd.org
Subject: Re: Ping to broadcast ok from subnet, not ok otherwise

On Wed, 9 Oct 2002, TheGlenMann wrote:

> Hi all-
>
> Sitting at a 10.10.1.n machine, I can ping the gateway 10.10.x.254 on
> every subnet. However, a ping to the broadcast address as
> ping -c1 10.10.x.255
> fails on some of the subnets (from outside that subnet). From within the
> subnet, the ping to the broadcast succeeds everywhere. Pings to known
> hosts (and 10.10.x.254) succeed always from everywhere.
>
> So, my question is, why would I be able to successfully ping to the
> broadcast address from within a subnet but not from outside the subnet,
> but only in certain cases? We have a mix of windows, FreeBSD, router, and
> other machines on each subnet.
> (I'm led to ask all this since where the
> broadcast doesn't work from outside the subnet, neither does DHCP, which
> is proving to be a real problem!)

The routers should block packets destined to the internal net broadcast
address to prevent the infamous "smurf attack". Search the CERT for details.
I seem to remember that Cisco routers are configured to drop those packets
by default.

That explains why you can ping the broadcast from within the LAN and not
from outside (the router drops the packet on the floor).

As far as DHCP, there is a dhcprelay (part of the isc-dhcp port) to pass
DHCP requests between networks. Besides, having only one dhcp server for the
whole WAN is (IMHO) a Bad Idea (TM), it screams "single point of failure".

			Fer

>
> Thanks
> -Glen Mann
>
> --
> "I may not have had enough of me, but I've had enough of you."
> Robert Fripp, Exposure
> --

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
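
Added example, not part of the original message: a small model of the forwarding decision the reply describes, for a router that refuses directed broadcasts from outside the subnet, plus the limited-broadcast case that makes a DHCP relay necessary. The /24 prefix length, the subnet list, the sample flows and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed topology: three of the thread's 10.10.x subnets; the /24
# prefix length is an assumption (the post only shows .254 and .255 hosts).
SUBNETS = [ipaddress.ip_network(f"10.10.{x}.0/24") for x in (1, 2, 3)]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def subnet_of(ip, subnets):
    """Return the configured subnet containing ip, or None."""
    return next((net for net in subnets if ip in net), None)


def router_action(src, dst, subnets=SUBNETS):
    """Decide what a router with directed broadcasts disabled does."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip == LIMITED_BROADCAST:
        # Limited broadcast (used by DHCP discovery) never crosses a router,
        # which is why a relay agent is needed between subnets.
        return "not-forwarded"
    dst_net = subnet_of(dst_ip, subnets)
    if dst_net is not None and subnet_of(src_ip, subnets) == dst_net:
        return "on-link"  # delivered on the LAN, the router is not involved
    if dst_net is not None and dst_ip == dst_net.broadcast_address:
        return "drop"  # directed broadcast from outside the subnet
    return "forward"


def audit(flows, subnets=SUBNETS):
    """Return the (src, dst) pairs that the router policy would drop."""
    return [(s, d) for s, d in flows if router_action(s, d, subnets) == "drop"]


# Constructed sample flows mirroring the tests described in the thread.
SAMPLE_FLOWS = [
    ("10.10.1.7", "10.10.2.254"),    # gateway on another subnet
    ("10.10.1.7", "10.10.2.255"),    # broadcast of another subnet
    ("10.10.2.9", "10.10.2.255"),    # broadcast from inside the subnet
    ("0.0.0.0", "255.255.255.255"),  # DHCP discovery
    ("192.0.2.50", "10.10.3.255"),   # outside host, subnet broadcast
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src:>12} -> {dst:<16} {router_action(src, dst)}")
```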