Date: Tue, 18 Jun 2002 11:52:12 +0300 (EEST) From: Mike Futerko <mike@LITech.lviv.ua> To: freebsd-questions@freebsd.org Subject: Re: ipfw + gif Message-ID: <20020618114913.Q10256-100000@ah.litech.net> In-Reply-To: <20020617202233.X3574-100000@ah.litech.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Note that it is only when I'm using IPsec between 194.xxx.xxx.210 and 213.xxx.xxx.50 Could someone give me suggestions how to fix this? Regards, Mike. > Hello list, > > I have a problem with firewalling packets on gif interfaces. > I'm using gif for building tunnels, ipfw doesn't see incoming packets that came > on gif interface. > > Is it bug or feature? :) > > My configuration: > > > ifconfig gif2 > gif2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 > tunnel inet 194.xxx.xxx.210 --> 213.xxx.xxx.50 > inet 10.1.10.4 --> 10.1.11.4 netmask 0xffffffff > > > ipfw l 5 6 > 00005 allow log ip from any to 10.1.11.4 > 00006 allow log ip from 10.1.11.4 to any > > When I ping remote side: > > ping 10.1.11.4 > PING 10.1.11.4 (10.1.11.4): 56 data bytes > 64 bytes from 10.1.11.4: icmp_seq=0 ttl=64 time=53.578 ms > > I can see only outgoing packets in my log and don't see incoming: > > tail -f /var/log/security > > Jun 17 20:29:17 brama /kernel: ipfw: 5 Accept ICMP:8.0 10.1.10.4 10.1.11.4 out > via gif2 > Jun 17 20:29:21 brama last message repeated 4 times > > The same behavior with other gif interfaces. > > Regards, > Mike > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020618114913.Q10256-100000>