From owner-freebsd-questions Wed Jul 21 8:15:48 1999
Message-ID: <028d01bed38b$551e0c20$3c29a8c0@tci.rdo>
From: "Tenacious"
To: "Andy V. Oleynik", "Ivan Villalobos"
References: <4.1.19990719175537.009b7900@mailmtx.acnet.net> <379429F4.22FA051E@prime.net.ua>
Subject: Re: FreeBSD + Cisco Access Lists
Date: Wed, 21 Jul 1999 11:11:33 -0400

I set up mine on a Cisco router and everything works OK. BUT once using ICQ,
security falls apart. (I'm sure there are a lot of issues with using only the
establish statement.) I would suggest that you forget the access list on Cisco
and start using IP Filter on your FreeBSD, a stateful filter package. It will
solve most of your security needs.

----- Original Message -----
From: Andy V. Oleynik
To: Ivan Villalobos
Sent: Tuesday, July 20, 1999 3:49 AM
Subject: Re: FreeBSD + Cisco Access Lists

> I'm not sure that this is ur case. But there are some
> issues about Path MTU discovery & filtering ICMP
> that may lead to connectivity problems. This is the URL:
> http://www.worldgate.com/~marcs/mtu/
> Ivan Villalobos wrote:
>
> > Hi there,
> >
> > I did not know where to post this to, I hope someone can help me or clarify
> > this for us.
> >
> > We just started adding some FreeBSD servers to our network, but we are just
> > facing a problem.
> >
> > When we put an access list on a cisco router, blocking all incoming ICMP
> > traffic to the FreeBSD server, the server (a DNS server) is not able to
> > resolve any name, when we take the access list out, it works. It would
> > appear at first glance that there is a problem in the access list, but the
> > other DNS server, running Solaris x86 2.6 works just fine, same access list.
> > What is more, this FreeBSD installation is replacing an old Solaris x86
> > server, that worked just fine with the same access list.
> >
> > My question is: is there anything special in the TCP/IP code that might be
> > affecting our installation of FreeBSD? The release we are running is
> > 3.2-RELEASE.
> >
> > Any idea, suggestion will be GREATLY appreciated.
> >
> > Best regards.
> >
> > Ivan Villalobos
> > AcNet USA, Inc.
> > Network Services NOC. McAllen, TX.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
> WBW Andy V. Oleynik (When U work in virtual office
> prime.net.ua's U have good chance to obtain
> system administrator virtual money ö%-)
> +380442448363
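
The failure mode Andy's reply points to, shown as an added example that is not part of the original thread: a first-match check of whether an access list drops the ICMP "fragmentation needed" message (type 3, code 4) that Path MTU discovery depends on. The two ACLs are constructed, since the thread does not show the real one, and only `any any` addressing is modelled.

```python
# Added example (not from the thread): first-match evaluation of Cisco-style
# extended ACL lines against ICMP type 3 code 4, which Path MTU discovery needs.

# IOS ICMP message keywords -> (type, code); code None matches any code.
ICMP_KEYWORDS = {
    "echo": (8, None),
    "echo-reply": (0, None),
    "unreachable": (3, None),
    "packet-too-big": (3, 4),
    "time-exceeded": (11, None),
}
FRAG_NEEDED = (3, 4)  # "fragmentation needed and DF set"

# Constructed ACLs; the real access list is not shown in the thread.
BLOCK_ALL_ICMP = """
access-list 101 deny icmp any any
access-list 101 permit tcp any any established
access-list 101 permit ip any any
"""
PMTUD_SAFE = """
access-list 102 permit icmp any any packet-too-big
access-list 102 deny icmp any any
access-list 102 permit ip any any
"""

def parse_line(line):
    """Parse 'access-list N permit|deny PROTO any any [keyword]'.
    Simplification: only 'any any' addressing is modelled."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
        raise ValueError("unsupported ACL line: " + line)
    action, proto = tok[2], tok[3]
    match = ICMP_KEYWORDS[tok[6]] if proto == "icmp" and len(tok) > 6 else None
    return action, proto, match

def verdict(acl_text, icmp_type, icmp_code):
    """Return 'permit' or 'deny' for an ICMP packet, first match wins."""
    for line in acl_text.strip().splitlines():
        action, proto, match = parse_line(line)
        if proto not in ("icmp", "ip"):
            continue  # tcp/udp lines never match an ICMP packet
        if match is not None:
            mtype, mcode = match
            if mtype != icmp_type or (mcode is not None and mcode != icmp_code):
                continue
        return action
    return "deny"  # implicit deny at the end of every ACL

def pmtud_blackholed(acl_text):
    return verdict(acl_text, *FRAG_NEEDED) == "deny"
```

The second ACL still drops echo requests while letting the one message PMTUD needs through, which is the narrower filter to reach for before removing the access list entirely.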