Date: Thu, 24 May 2001 19:41:52 -0400
From: Jeff Dugan <jdugan21@home.com>
To: freebsd-questions@FreeBSD.org
Subject: IPFilter Troubles
Message-ID: <3B0D9C40.2763825B@home.com>

I'm having some troubles with the IPFILTER_DEFAULT_BLOCK kernel option.
When I try to ping either internal (ed0) or external (xl0) hostnames, I get.....

    # ping myhost
    PING myhost.mynet.org (192.168.24.1): 56 data bytes
    ping: sendto: No route to host. (x3)
    ^C
    --- myhost.mynet.org ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

If I ping extHost....same result. If I ping anything else,...it works fine!

When I compile my kernel without IPFILTER_DEFAULT_BLOCK, the problem is solved (obviously).

Since it is far better to deny-first open-later than it is to open-first deny-later, I am in need of assistance.

I initially thought that this was a problem with my rules, so I tried opening everything; that did not work. I've tried soooo many combinations it's not even funny! I tried modifying the ipnat mapping,... I sent my rules (ipf & ipnat) to a colleague running IPF,..they work great on his system.

That colleague suggested running

    router="routed"
    router_flags="-s"
    router_enabled="YES"

but this did not solve the prob,....

Another suggested using the < option BRIDGE and option IPSTEALTH > in the kernel, but that didn't work....

Any suggestions?

________________________
jeff dugan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message