Skip site navigation (1)Skip section navigation (2) 
Date:      07 Jul 2003 20:23:00 +0000
From:      Stacey Roberts <stacey@vickiandstacey.com>
To:        Frank Knobbe <frank@knobbe.us>
Cc:        freebsduk <freebsd-users@uk.freebsd.org>
Subject:   Re: Changed ISP now can't get to websites / traceroute
Message-ID:  <1057609379.349.213.camel@localhost>
In-Reply-To: <1057605801.552.61.camel@localhost>
References:  <1057603959.349.193.camel@localhost> <1057605801.552.61.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello Frank,

On Mon, 2003-07-07 at 19:23, Frank Knobbe wrote:
> On Mon, 2003-07-07 at 13:52, Stacey Roberts wrote:
> 
> > 2] Does anyone know of any reason why traceroute might fail on FreeBSD,
> > but work on Win2K Pro?
> 
> Stacey,
> 
> FreeBSD uses UDP based traceroute while Windows boxes use ICMP based
> traceroute. Some providers (like ComCast cable) block ICMP packets (so
> tracert on Windows fails), but let UDP packets through (which means that
> BSD based traceroute succeeds).
> 

Ahh.., that's got to be it.., I'll have a look at my ipfw ruleset and
see if there's something can be tweaked..,

For what its worth, here are the relevant statements that previously
worked with my PIPEX adsl connection:

$fwcmd add 00640 allow tcp from any to any out via $oif setup keep-state
uid root
$fwcmd add 00641 allow tcp from any to any in via $oif setup keep-state
uid root
$fwcmd add 00642 allow udp from me to any 33435-33500 out via $oif
keep-state
$fwcmd add 00643 allow icmp from any to me icmptype 3,11 in via $oif
limit src-addr 2
 
# Allow out ping function
$fwcmd add 00650 allow icmp from any to any out via $oif keep-state

And here's all the icmp-related statements:

$ grep -i icmp /etc/firewall/fwrules
$fwcmd add 00643 allow icmp from any to me icmptype 3,11 in via $oif
limit src-addr 2
$fwcmd add 00650 allow icmp from any to any out via $oif keep-state
$fwcmd add 00860 deny log icmp from any to me icmptype 0,8 in via $oif
$

These worked fine before.., Can't imagine why they wouldn't be okay now.

Thanks again for the info, Frank.., That's another one of those
things...,

Regards,

Stacey

> HTH,
> Frank
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1057609379.349.213.camel>