Date: Wed, 21 Jul 1999 11:11:33 -0400 From: "Tenacious" <tMind@bigfoot.com> To: "Andy V. Oleynik" <andyo@prime.net.ua>, "Ivan Villalobos" <denp@acnet.net> Cc: <freebsd-questions@freebsd.org> Subject: Re: FreeBSD + Cisco Access Lists Message-ID: <028d01bed38b$551e0c20$3c29a8c0@tci.rdo> References: <4.1.19990719175537.009b7900@mailmtx.acnet.net> <379429F4.22FA051E@prime.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
I setup mine on Cisco router and everything work ok. BUT once using ICQ, security fall apart. (I'm sure there is a lots of issue with using only estatblish statement.) I would suggest that forget access list on Cisco and start using IP Filter on your FreeBSD, a stateful filter package. It will solve most of your security needs. ----- Original Message ----- From: Andy V. Oleynik <andyo@prime.net.ua> To: Ivan Villalobos <denp@acnet.net> Cc: <freebsd-questions@freebsd.org> Sent: Tuesday, July 20, 1999 3:49 AM Subject: Re: FreeBSD + Cisco Access Lists > I'm not sure that this is ur case. But there are some > issues about Path MTU discovery & filtering ICMP > that may lead to connectivity problem. This is the URL: > http://www.worldgate.com/~marcs/mtu/ > Ivan Villalobos wrote: > > > Hi there, > > > > I did not know where to post this to, I hope someone can help me or clarify > > this for us. > > > > We just started adding some FreeBSD servers to our network, but we are just > > facing a problem. > > > > When we put an access list on a cisco router, blocking all incoming ICMP > > traffic to the FreeBSD server, the server (a DNS server) is not able to > > resolve any name, when we take the access list out, it works. It would > > appear at first glance that there is a problem in the access list, but the > > other DNS server, running Solaris x86 2.6 work just fine, same access list. > > What is more, this FreeBSD installation is replacing an old Solaris x86 > > server, that worked just fine with the same access list. > > > > My question is: is there anything special in the TCP/IP code that might be > > affecting our installation of FreeBSD?, the release we are running is > > 3.2-RELEASE. > > > > Any idea, suggestion will be GREATLY appreciated. > > > > Best regards. > > > > Ivan Villalobos > > AcNet USA, Inc. > > Network Services NOC. McAllen, TX. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > -- > WBW Andy V. Oleynik (When U work in virtual office > prime.net.ua's U have good chance to obtain > system administrator virtual money ö%-) > +380442448363 > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?028d01bed38b$551e0c20$3c29a8c0>