From: Krzysztof Zaraska (kzaraska (at) student.uci.agh.edu.pl)
Date: Fri Apr 05 2002 - 05:10:53 CST

    On Fri, 5 Apr 2002 12:59:44 +0200 Krzysztof Zaraska wrote:

    > On Fri, 05 Apr 2002 07:44:45 -0000 ozkan_kirik wrote:
    >
    > > After I built my kernel, I couldn't ping anywhere, even the router, and I
    > > couldn't ping my firewall.
    >
    > I don't quite understand you... Usually the firewall should be set up in
    > a way that allows you to ping outside hosts, but the external world should
    > not be able to ping you.
    >
    > > What can the problem be?
    > >
    > > the options on kernel are:
    > >
    > > IPFIREWALL
    > > IPDIVERT
    > > IPFIREWALL_FORWARD
    > > IPFIREWALL_VERBOSE
    > > IPFIREWALL_VERBOSE_LIMIT=100
    > > IPFIREWALL_DEFAULT_TO_ACCEPT
    > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    >
    > This will let through any traffic not explicitly denied.
    >
    > Standard recommended setup is 'default to deny'.
    >
    > > IPFILTER
    > > IPFILTER_LOG
    >
    > Are you sure you want to run both ipf and ipfw at the same time?

    Ooops, missed previous thread on the subject. Sorry. It _makes_ sense.

    Did you try looking at counters for each firewall rule and/or your logs
    while pinging? You may have a misconfigured ruleset, ending up in dropping
    packets that should be let through. Just a guess.

    -- 
    // Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
    // Prelude IDS: http://www.prelude-ids.org/
    // A dream will always triumph over reality, once it is given the chance.
    //		-- Stanislaw Lem
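
The counter check suggested in the message above can be done by snapshotting `ipfw show` before and after a test ping and comparing packet counts per rule. The script below is an added example, not part of the original post; the two snapshots and the rule set in them are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Diff two `ipfw show` snapshots (columns: rule number, packets, bytes, rule
# text) to see which rules matched traffic during a test ping.

# Constructed sample output, captured before and after the ping.
BEFORE='00100  120  10080 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300   14   1176 deny icmp from any to any
00400  310  41200 allow tcp from any to any established
65535   52   6100 allow ip from any to any'

AFTER='00100  120  10080 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300   18   1512 deny icmp from any to any
00400  325  43050 allow tcp from any to any established
65535   52   6100 allow ip from any to any'

# ipfw_counter_delta BEFORE AFTER
# Prints "<rule> +<packets> <rule text>" for each rule whose counter grew.
# Rules are keyed by number plus text, since ipfw allows duplicate numbers.
ipfw_counter_delta() {
    { printf '%s\n' "$1"; echo '==='; printf '%s\n' "$2"; } | awk '
        $0 == "===" { after = 1; next }
        NF < 4 { next }
        {
            text = $0
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", text)
            key = $1 " " text
            if (!after) { before[key] = $2; next }
            delta = $2 - before[key]
            if (delta > 0) printf "%s +%d %s\n", $1, delta, text
        }'
}

# ipfw_drop_suspects BEFORE AFTER
# Keeps only the rules that discard packets.
ipfw_drop_suspects() {
    ipfw_counter_delta "$1" "$2" |
        awk '$3 == "deny" || $3 == "reject" || $3 == "unreach" || $3 == "reset"'
}

ipfw_drop_suspects "$BEFORE" "$AFTER"
```

On a live system, replace the sample text with `"$(ipfw show)"` captured before and after the ping; a deny rule whose count rises by the number of echo requests sent is the one to inspect.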
    
