From owner-freebsd-ipfw Sun Sep 19 13:10:25 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from rucus.ru.ac.za (rucus.ru.ac.za [146.231.29.2]) by hub.freebsd.org (Postfix) with SMTP id A3D5C15228 for ; Sun, 19 Sep 1999 13:10:18 -0700 (PDT) (envelope-from bvi@rucus.ru.ac.za) Received: (qmail 39597 invoked by uid 374); 19 Sep 1999 20:12:12 -0000 Date: Sun, 19 Sep 1999 22:12:11 +0200 From: Barry Irwin To: AAKopeyko@rio.ru Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: what is 'ICMP:3.13' ? Message-ID: <19990919221211.Q5613@rucus.ru.ac.za> References: <3.0.32.19990915164626.02309970@mail.ok-connect.com> <19990916152801.7FE51153FA@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <19990916152801.7FE51153FA@hub.freebsd.org> Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu 1999-09-16 (19:30), AAKopeyko@rio.ru wrote: > Hi All! > > Yesterday I add new rule > > ipfw add 802 allow log icmp from any to XXX.XXX.XXX.XXX > > and now have a lot of > > > ipfw: 802 Accept ICMP:3.13 XXX.XXX.XXX.XXX yyy.yyy.yyy.yyy in via tun0 > > in log. > > Can anybody explain what 'ICMP type 3 code 13' message is? rfc 792, 950 never > talk about it. From TCP/IP Illustrated volume I ( Stevens) ICMP Type 3 code 13: communication administritavely prohibited by filter (Error stat) In other words somwhere your traffic is being blocked by a server/router which is being kind enough to tell you that this has been blocked by an adminitritive rule, rather than the service being unavalible etc. Barry -- -------------------------------------------------------------------------- Barry Irwin IRC: balin@zanet (#linux) bvi@moria.org http://rucus.ru.ac.za/~bvi Whois BI414 - PMPN8EZ - http://moria.org -------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun Sep 19 17:37:47 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from sys.com.sg (gw.sys.com.sg [203.120.45.1]) by hub.freebsd.org (Postfix) with ESMTP id 00E0515969 for ; Sun, 19 Sep 1999 17:37:37 -0700 (PDT) (envelope-from brian@sys.com.sg) Received: from sys.com.sg (jupiter.sys.com.sg [203.120.45.5]) by sys.com.sg (8.9.2/8.9.2) with ESMTP id IAA11139; Mon, 20 Sep 1999 08:37:39 +0800 (SGT) (envelope-from brian@sys.com.sg) Message-ID: <37E581BD.6529BEF1@sys.com.sg> Date: Mon, 20 Sep 1999 00:37:17 +0000 From: Brian Tan X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.5-15 i686) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-ipfw@FreeBSD.ORG Cc: Barry Irwin Subject: Re: what is 'ICMP:3.13' ? References: <3.0.32.19990915164626.02309970@mail.ok-connect.com> <19990916152801.7FE51153FA@hub.freebsd.org> <19990919221211.Q5613@rucus.ru.ac.za> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi All, Besides the ICMP:x:x messages, does anyone know what "Deny P:9" mean, as in ipfw: 10900 Deny P:9 XXX.XXX.XXX.XXX 255.255.255.255 in via rl0 Thanks Brian Barry Irwin wrote: > > On Thu 1999-09-16 (19:30), AAKopeyko@rio.ru wrote: > > Hi All! > > > > Yesterday I add new rule > > > > ipfw add 802 allow log icmp from any to XXX.XXX.XXX.XXX > > > > and now have a lot of > > > > > ipfw: 802 Accept ICMP:3.13 XXX.XXX.XXX.XXX yyy.yyy.yyy.yyy in via tun0 > > > > in log. > > > > Can anybody explain what 'ICMP type 3 code 13' message is? rfc 792, 950 never > > talk about it. > > >From TCP/IP Illustrated volume I ( Stevens) > > ICMP Type 3 code 13: > communication administritavely prohibited by filter > (Error stat) > > In other words somwhere your traffic is being blocked by a server/router > which is being kind enough to tell you that this has been blocked by an > adminitritive rule, rather than the service being unavalible etc. > > Barry > -- > -------------------------------------------------------------------------- > Barry Irwin IRC: balin@zanet (#linux) > bvi@moria.org http://rucus.ru.ac.za/~bvi > Whois BI414 - PMPN8EZ - http://moria.org > -------------------------------------------------------------------------- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun Sep 19 18:41:26 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id A5670152E9 for ; Sun, 19 Sep 1999 18:41:15 -0700 (PDT) (envelope-from rgrimes@gndrsh.dnsmgr.net) Received: (from rgrimes@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id SAA56860; Sun, 19 Sep 1999 18:40:33 -0700 (PDT) (envelope-from rgrimes) From: "Rodney W. Grimes" Message-Id: <199909200140.SAA56860@gndrsh.dnsmgr.net> Subject: Re: what is 'ICMP:3.13' ? In-Reply-To: <37E581BD.6529BEF1@sys.com.sg> from Brian Tan at "Sep 20, 1999 00:37:17 am" To: brian@sys.com.sg (Brian Tan) Date: Sun, 19 Sep 1999 18:40:33 -0700 (PDT) Cc: freebsd-ipfw@FreeBSD.ORG, bvi@rucus.ru.ac.za (Barry Irwin) X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Hi All, > > Besides the ICMP:x:x messages, does anyone know what "Deny P:9" mean, as > in > > ipfw: 10900 Deny P:9 XXX.XXX.XXX.XXX 255.255.255.255 in via rl0 Yea... you have someone running some form of igp, it literally mans Protocol 9 as in what is listed in /etc/protocols: igp 9 IGP # any private interior gateway (Cisco: for IGRP) Got any Ciscos around??? > Thanks > Brian > Barry Irwin wrote: > > > > On Thu 1999-09-16 (19:30), AAKopeyko@rio.ru wrote: > > > Hi All! > > > > > > Yesterday I add new rule > > > > > > ipfw add 802 allow log icmp from any to XXX.XXX.XXX.XXX > > > > > > and now have a lot of > > > > > > > ipfw: 802 Accept ICMP:3.13 XXX.XXX.XXX.XXX yyy.yyy.yyy.yyy in via tun0 > > > > > > in log. > > > > > > Can anybody explain what 'ICMP type 3 code 13' message is? rfc 792, 950 never > > > talk about it. > > > > >From TCP/IP Illustrated volume I ( Stevens) > > > > ICMP Type 3 code 13: > > communication administritavely prohibited by filter > > (Error stat) > > > > In other words somwhere your traffic is being blocked by a server/router > > which is being kind enough to tell you that this has been blocked by an > > adminitritive rule, rather than the service being unavalible etc. > > > > Barry > > -- > > -------------------------------------------------------------------------- > > Barry Irwin IRC: balin@zanet (#linux) > > bvi@moria.org http://rucus.ru.ac.za/~bvi > > Whois BI414 - PMPN8EZ - http://moria.org > > -------------------------------------------------------------------------- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-ipfw" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun Sep 19 19:59:38 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from sys.com.sg (gw.sys.com.sg [203.120.45.1]) by hub.freebsd.org (Postfix) with ESMTP id 64F84155BA for ; Sun, 19 Sep 1999 19:59:28 -0700 (PDT) (envelope-from brian@sys.com.sg) Received: from sys.com.sg (jupiter.sys.com.sg [203.120.45.5]) by sys.com.sg (8.9.2/8.9.2) with ESMTP id KAA11400; Mon, 20 Sep 1999 10:58:44 +0800 (SGT) (envelope-from brian@sys.com.sg) Message-ID: <37E5A2CC.B839FD12@sys.com.sg> Date: Mon, 20 Sep 1999 02:58:20 +0000 From: Brian Tan X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.5-15 i686) X-Accept-Language: en MIME-Version: 1.0 To: "Rodney W. Grimes" Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: what is 'ICMP:3.13' ? References: <199909200140.SAA56860@gndrsh.dnsmgr.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi Rodney, Yup, Cisco 25xx there is. Tried the following to allow and it looked OK ipfw add nnnn allow 9 from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx Thanks. Brian "Rodney W. Grimes" wrote: > > > Hi All, > > > > Besides the ICMP:x:x messages, does anyone know what "Deny P:9" mean, as > > in > > > > ipfw: 10900 Deny P:9 XXX.XXX.XXX.XXX 255.255.255.255 in via rl0 > > Yea... you have someone running some form of igp, it literally mans Protocol 9 > as in what is listed in /etc/protocols: > > igp 9 IGP # any private interior gateway (Cisco: for IGRP) > > Got any Ciscos around??? > > > Thanks > > Brian > > Barry Irwin wrote: > > > > > > On Thu 1999-09-16 (19:30), AAKopeyko@rio.ru wrote: > > > > Hi All! > > > > > > > > Yesterday I add new rule > > > > > > > > ipfw add 802 allow log icmp from any to XXX.XXX.XXX.XXX > > > > > > > > and now have a lot of > > > > > > > > > ipfw: 802 Accept ICMP:3.13 XXX.XXX.XXX.XXX yyy.yyy.yyy.yyy in via tun0 > > > > > > > > in log. > > > > > > > > Can anybody explain what 'ICMP type 3 code 13' message is? rfc 792, 950 never > > > > talk about it. > > > > > > >From TCP/IP Illustrated volume I ( Stevens) > > > > > > ICMP Type 3 code 13: > > > communication administritavely prohibited by filter > > > (Error stat) > > > > > > In other words somwhere your traffic is being blocked by a server/router > > > which is being kind enough to tell you that this has been blocked by an > > > adminitritive rule, rather than the service being unavalible etc. > > > > > > Barry > > > -- > > > -------------------------------------------------------------------------- > > > Barry Irwin IRC: balin@zanet (#linux) > > > bvi@moria.org http://rucus.ru.ac.za/~bvi > > > Whois BI414 - PMPN8EZ - http://moria.org > > > -------------------------------------------------------------------------- > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-ipfw" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-ipfw" in the body of the message > > > > -- > Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Sep 20 0:47:56 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from ns.anp.nl (ns.anp.nl [195.81.24.2]) by hub.freebsd.org (Postfix) with ESMTP id 9DECE156C7 for ; Mon, 20 Sep 1999 00:47:53 -0700 (PDT) (envelope-from hvoers@anp.nl) Received: from ns.anp.nl (ns.anp.nl [195.81.24.2]) by ns.anp.nl (8.9.1/8.9.1) with ESMTP id JAA03824; Mon, 20 Sep 1999 09:46:25 +0200 Date: Mon, 20 Sep 1999 09:46:25 +0200 (cest) From: Henk van Oers To: Brian Tan Cc: "Rodney W. Grimes" , freebsd-ipfw@FreeBSD.ORG Subject: Re: what is 'ICMP:3.13' ? In-Reply-To: <37E5A2CC.B839FD12@sys.com.sg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 20 Sep 1999, Brian Tan wrote: > Hi Rodney, > > Yup, Cisco 25xx there is. Tried the following to allow and it looked OK > > ipfw add nnnn allow 9 from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx "Tried the following"? Did you know what you where doing? Isn't the Cisco wrong configured? > > Thanks. > Brian > > "Rodney W. Grimes" wrote: > > > > > Hi All, > > > > > > Besides the ICMP:x:x messages, does anyone know what "Deny P:9" mean, as > > > in > > > > > > ipfw: 10900 Deny P:9 XXX.XXX.XXX.XXX 255.255.255.255 in via rl0 > > > > Yea... you have someone running some form of igp, it literally mans Protocol 9 > > as in what is listed in /etc/protocols: > > > > igp 9 IGP # any private interior gateway (Cisco: for IGRP) > > > > Got any Ciscos around??? > > I had to deny P:54 packets from one of our (external) ftp clients. There are no #54 entries in the /etc/protocols I use (HP, Sun, QNX, FreeBSD) Has anyone seen this before? Henk. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Sep 20 0:56:35 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from ns.i.cz (ns.i.cz [193.85.255.2]) by hub.freebsd.org (Postfix) with ESMTP id 4FC0715A6E for ; Mon, 20 Sep 1999 00:56:30 -0700 (PDT) (envelope-from mm@i.cz) Received: from woody.i.cz (woody.i.cz [193.85.255.60]) by ns.i.cz (Postfix) with ESMTP id 669DD36419 for ; Mon, 20 Sep 1999 09:56:17 +0200 (CEST) Content-Length: 341 Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Mon, 20 Sep 1999 09:56:17 +0200 (MET DST) Reply-To: mm@i.cz From: Martin Machacek To: freebsd-ipfw@FreeBSD.ORG Subject: Re: what is 'ICMP:3.13' ? Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 20-Sep-99 Henk van Oers wrote: > I had to deny P:54 packets from one of our (external) ftp clients. > There are no #54 entries in the /etc/protocols I use (HP, Sun, QNX, > FreeBSD) Has anyone seen this before? According to IANA: 54 NARP NBMA Address Resolution Protocol [RFC1735] Martin --- [PGP KeyID F3F409C4] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Sep 20 1:45:15 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id E433814C07 for ; Mon, 20 Sep 1999 01:45:12 -0700 (PDT) (envelope-from rgrimes@gndrsh.dnsmgr.net) Received: (from rgrimes@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id BAA58278; Mon, 20 Sep 1999 01:44:24 -0700 (PDT) (envelope-from rgrimes) From: "Rodney W. Grimes" Message-Id: <199909200844.BAA58278@gndrsh.dnsmgr.net> Subject: Re: what is 'ICMP:3.13' ? In-Reply-To: from Henk van Oers at "Sep 20, 1999 09:46:25 am" To: hvoers@anp.nl (Henk van Oers) Date: Mon, 20 Sep 1999 01:44:23 -0700 (PDT) Cc: brian@sys.com.sg (Brian Tan), freebsd-ipfw@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG ... > > > Got any Ciscos around??? > > > > > I had to deny P:54 packets from one of our (external) ftp clients. > There are no #54 entries in the /etc/protocols I use (HP, Sun, QNX, > FreeBSD) Has anyone seen this before? Have you heard of IANA? The official location of documenting these numbers. And your FreeBSD must be a bit old. My 3.2 source tree has 54 in /etc/protocols: narp 54 NARP # NBMA Address Resolution Protocol -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Sep 20 18:21:55 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from sys.com.sg (gw.sys.com.sg [203.120.45.1]) by hub.freebsd.org (Postfix) with ESMTP id 8D93E14DB6 for ; Mon, 20 Sep 1999 18:21:38 -0700 (PDT) (envelope-from brian@sys.com.sg) Received: from sys.com.sg (jupiter.sys.com.sg [203.120.45.5]) by sys.com.sg (8.9.2/8.9.2) with ESMTP id JAA13625; Tue, 21 Sep 1999 09:16:36 +0800 (SGT) (envelope-from brian@sys.com.sg) Message-ID: <37E6DC5D.B56FBF58@sys.com.sg> Date: Tue, 21 Sep 1999 01:16:13 +0000 From: Brian Tan X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.5-15 i686) X-Accept-Language: en MIME-Version: 1.0 To: "Rodney W. Grimes" Cc: Henk van Oers , freebsd-ipfw@FreeBSD.ORG Subject: Re: what is 'ICMP:3.13' ? References: <199909200844.BAA58278@gndrsh.dnsmgr.net> Content-Type: multipart/mixed; boundary="------------31A1A1F0495A09F898A686F6" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. --------------31A1A1F0495A09F898A686F6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Rodney W. Grimes" wrote: > > ... > > > > Got any Ciscos around??? > > > > > > > > I had to deny P:54 packets from one of our (external) ftp clients. > > There are no #54 entries in the /etc/protocols I use (HP, Sun, QNX, > > FreeBSD) Has anyone seen this before? > > Have you heard of IANA? The official location of documenting these > numbers. And your FreeBSD must be a bit old. My 3.2 source tree > has 54 in /etc/protocols: > narp 54 NARP # NBMA Address Resolution Protocol > > -- > Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net My 3.2 /etc/protocols does not have P:9 nor P:54 Brian --------------31A1A1F0495A09F898A686F6 Content-Type: text/plain; charset=us-ascii; name="protocols" Content-Disposition: inline; filename="protocols" Content-Transfer-Encoding: 7bit # # Internet (IP) protocols # # $Id: protocols,v 1.10 1998/02/13 20:21:04 julian Exp $ # from: @(#)protocols 5.1 (Berkeley) 4/17/89 # # See also http://www.iana.org/in-notes/iana/assignments/protocol-numbers # ip 0 IP # internet protocol, pseudo protocol number #hopopt 0 HOPOPT # hop-by-hop options for ipv6 icmp 1 ICMP # internet control message protocol igmp 2 IGMP # Internet Group Management ggp 3 GGP # gateway-gateway protocol ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') st 5 ST # ST datagram mode tcp 6 TCP # transmission control protocol egp 8 EGP # exterior gateway protocol pup 12 PUP # PARC universal packet protocol udp 17 UDP # user datagram protocol hmp 20 HMP # host monitoring protocol xns-idp 22 XNS-IDP # Xerox NS IDP rdp 27 RDP # "reliable datagram" protocol iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 xtp 36 XTP # Xpress Tranfer Protocol idpr-cmtp 39 IDPR-CMTP # IDPR Control Message Transport ipv6 41 IPV6 # ipv6 ipv6-route 43 IPV6-ROUTE # routing header for ipv6 ipv6-frag 44 IPV6-FRAG # fragment header for ipv6 rsvp 46 RSVP # Resource ReSerVation Protocol gre 47 GRE # Generic Routing Encapsulation (RFC 1702) esp 50 ESP # encapsulating security payload ah 51 AH # authentication header skip 57 SKIP # SKIP ipv6-icmp 58 IPV6-ICMP # ICMP for IPv6 ipv6-nonxt 59 IPV6-NONXT # no next header for ipv6 ipv6-opts 60 IPV6-OPTS # destination options for ipv6 vmtp 81 VMTP # Versatile Message Transport ospf 89 OSPFIGP # Open Shortest Path First IGP ipip 94 IPIP # Yet Another IP encapsulation encap 98 ENCAP # Yet Another IP encapsulation divert 254 DIVERT # Divert pseudo-protocol --------------31A1A1F0495A09F898A686F6-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Sep 20 18:22: 8 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from sys.com.sg (gw.sys.com.sg [203.120.45.1]) by hub.freebsd.org (Postfix) with ESMTP id 43D2114E37 for ; Mon, 20 Sep 1999 18:22:01 -0700 (PDT) (envelope-from brian@sys.com.sg) Received: from sys.com.sg (jupiter.sys.com.sg [203.120.45.5]) by sys.com.sg (8.9.2/8.9.2) with ESMTP id JAA13636; Tue, 21 Sep 1999 09:20:04 +0800 (SGT) (envelope-from brian@sys.com.sg) Message-ID: <37E6DD2D.360DBF8F@sys.com.sg> Date: Tue, 21 Sep 1999 01:19:41 +0000 From: Brian Tan X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.5-15 i686) X-Accept-Language: en MIME-Version: 1.0 To: Henk van Oers Cc: "Rodney W. Grimes" , freebsd-ipfw@FreeBSD.ORG Subject: Re: what is 'ICMP:3.13' ? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Henk van Oers wrote: > > > "Tried the following"? Did you know what you where doing? > Isn't the Cisco wrong configured? > The Cisco does have IGRP enabled. Is there any problem allowing the protocol packet through? or should the IGRP be disabled in the Cisco? Thanks Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue Sep 21 0:42:16 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from ns.anp.nl (ns.anp.nl [195.81.24.2]) by hub.freebsd.org (Postfix) with ESMTP id CCDF1150C6 for ; Tue, 21 Sep 1999 00:42:12 -0700 (PDT) (envelope-from hvoers@anp.nl) Received: from ns.anp.nl (ns.anp.nl [195.81.24.2]) by ns.anp.nl (8.9.1/8.9.1) with ESMTP id JAA27877; Tue, 21 Sep 1999 09:40:35 +0200 Date: Tue, 21 Sep 1999 09:40:35 +0200 (cest) From: Henk van Oers To: Brian Tan Cc: "Rodney W. Grimes" , freebsd-ipfw@FreeBSD.ORG Subject: Re: what is 'ICMP:3.13' ? In-Reply-To: <37E6DD2D.360DBF8F@sys.com.sg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 21 Sep 1999, Brian Tan wrote: > Henk van Oers wrote: > > > > > > "Tried the following"? Did you know what you where doing? > > Isn't the Cisco wrong configured? > > > The Cisco does have IGRP enabled. Is there any problem allowing the > protocol packet through? or should the IGRP be disabled in the Cisco? I do not see the use of "private interior gateway protocol" on a public interface, so why allow the packets. And if the Cisco has no one to talk to, why litter the LAN? When you "tried" the allow rule, I was thinking of why not try to disallow it? The ipfw rules are there to enable what you need and not to let through what you don't know. Isn't it? Henk. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue Sep 21 9:17:52 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 402A414E47 for ; Tue, 21 Sep 1999 09:17:44 -0700 (PDT) (envelope-from rgrimes@gndrsh.dnsmgr.net) Received: (from rgrimes@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id JAA63174; Tue, 21 Sep 1999 09:16:21 -0700 (PDT) (envelope-from rgrimes) From: "Rodney W. Grimes" Message-Id: <199909211616.JAA63174@gndrsh.dnsmgr.net> Subject: Re: what is 'ICMP:3.13' ? In-Reply-To: from Henk van Oers at "Sep 21, 1999 09:40:35 am" To: hvoers@anp.nl (Henk van Oers) Date: Tue, 21 Sep 1999 09:16:21 -0700 (PDT) Cc: brian@sys.com.sg (Brian Tan), freebsd-ipfw@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > On Tue, 21 Sep 1999, Brian Tan wrote: > > > Henk van Oers wrote: > > > > > > > > > "Tried the following"? Did you know what you where doing? > > > Isn't the Cisco wrong configured? > > > > > The Cisco does have IGRP enabled. Is there any problem allowing the > > protocol packet through? or should the IGRP be disabled in the Cisco? > > I do not see the use of "private interior gateway protocol" on a public > interface, so why allow the packets. > And if the Cisco has no one to talk to, why litter the LAN? > When you "tried" the allow rule, I was thinking of why not try to disallow > it? The ipfw rules are there to enable what you need and not to let > through what you don't know. Isn't it? I would also contact the administrator responsible for that Cisco beforing doing any of the above. There may be a very good reason that IGRP is enabled. If your this is an ISP supplied unit you should contact them about it, they may be using IGRP over the WAN link to maintain your conectivity and turing it off my disconnect you. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message