From owner-freebsd-net@FreeBSD.ORG Wed Dec 19 14:44:02 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9587116A41B for ; Wed, 19 Dec 2007 14:44:02 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 5181C13C4CC for ; Wed, 19 Dec 2007 14:44:02 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender:X-Spam-Status:Subject; b=qEgJc6aBJ4IcIaJjKaYeKN5jULUgOaP29gAKC2vS+tRgne8GKc5cKrck3wHbLqm33yy+SufSlM/7wVh6XgevYNMkrzP6sHlBatro9XYIW3S88EBQ/y2Qv7s/VFxE6n/budZzZ4wU/Tzb07s5O9NxL4xNhG0cVawF6/xTQBoMSfI=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1J509P-000PFN-Qj; Wed, 19 Dec 2007 17:44:00 +0300 Date: Wed, 19 Dec 2007 17:43:58 +0300 From: Eygene Ryabinkin To: vermaden Message-ID: <+4G9Nr+ZwtUziff5Dar2/aUcj4w@JA8cQVXg905K+QGregQphbHxLjw> References: <20071218172055.D14CC160055@f32.poczta.interia.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20071218172055.D14CC160055@f32.poczta.interia.pl> Sender: rea-fbsd@codelabs.ru X-Spam-Status: No, score=-2.3 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_20 Cc: freebsd-net@freebsd.org Subject: Re: default route X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Dec 2007 14:44:02 -0000 Tue, Dec 18, 2007 at 06:20:53PM +0100, vermaden wrote: > > After reading this I feel that you have absolutely no packets on > > either interfaces when your Linux box ping FreeBSD. But this > > contradicts with your previous assertion that if ICMP packet comes > > in on rl1, then it is reflected at rl0. Am I missing something? > > Yes I must mislook that, rl0 also is 'dead' while Linux box pings > my FreeBSD box using net on rl1. OK, so I feel that there are two points to check. 1. Firewall. Even if you're running GENERIC, firewall thingies are compiled as kernel modules and can be loaded by the startup scripts. The output of 'kldstat -v' will show what modules are loaded. BPF is run before filtering, so it sees packets that firewall can drop. 2. Enable ICMP verbose mode in the kernel: set the variable 'icmpprintfs' on the top of the /sys/netinet/ip_icmp.c to 1 and define ICMPPRINTFS during kernel compilation via 'makeoptions ICMPPRINTFS=1'. After this you should watch for kernel messages with the 'icmp' at the beginning of the line. Hope this helps. -- Eygene