Date:      Sat, 23 Feb 2002 07:53:21 -0800 (PST)
From:      Julian Noble <julian@precisium.com.au>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/35245: unwanted stealth behaviour  (inbound icmp via ppp tun0 ttl not decremented ?)
Message-ID:  <200202231553.g1NFrLR31225@freefall.freebsd.org>


>Number:         35245
>Category:       misc
>Synopsis:       unwanted stealth behaviour  (inbound icmp via ppp tun0 ttl not decremented ?)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 23 08:00:03 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Julian Noble
>Release:        
>Organization:
Precisium
>Environment:
FreeBSD sydr3.Junctionworld.net 4.4-STABLE FreeBSD 4.4-STABLE #0: Wed Jan 23 07:42:09 GMT 2002     root@sydr3.Junctionworld.net:/usr/src/sys/compile/P7  i386

>Description:
Machine exhibits unwanted 'stealth' behaviour for inbound traceroutes to machines behind it even when no firewall is enabled and the IPSTEALTH kernel option is not present.
The machine does, however, appear as a hop for outbound traceroutes from machines behind it.

      
>How-To-Repeat:
Traceroute to a machine behind a FreeBSD box with a PPP WAN link and with the following kernel options. The hop is missing from the trace even when you disable the firewall with sysctl or ipfw flush.
No NAT. All valid IP addresses. Connection is ADSL.
If this is the nature of tun interfaces or something - I couldn't find any documentation on it. The only documentation I could find anywhere was about enabling stealth behaviour - not disabling - and I certainly didn't expect it to be on by default.
It may be obvious - but I'm also new to Unix-like operating systems, so make extra consideration of the fact that I might not know what I'm doing.
 
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=250
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options NETGRAPH
options NETGRAPH_SOCKET
options NETGRAPH_ECHO
options NETGRAPH_TEE
options NETGRAPH_PPPOE
options NETGRAPH_ETHER

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
