New Zealand ADSL Mailing List


Re: icmp pinholes

From: Andrew Cutler <andrew.cutler_at_team.xtra.co.nz>
Date: Tue, 05 Dec 2000 13:52:57 +1300
Message-ID: <3A2C3C69.284A1F20@team.xtra.co.nz>

Dan Langille wrote:

> On 5 Dec 2000, at 13:11, Juha Saarinen wrote:
>
> > %-> At http://192.168.1.254/cgi_u/localnapt, in the protocols drop
> > %-> down list
> > %-> box, I see: TCP, UDP, PPTP-GRE, ESP-IPSEC, and 1..255.
> > %->
> > %-> What are 1..255?
> >
> > IP protocol numbers.
> >
> > %-> Where is ICMP?
> >
> > Protocol number 1, isn't it?
>
> $ grep icmp /etc/protocols
> icmp 1 ICMP # internet control message protocol
> ipv6-icmp 58 IPV6-ICMP # ICMP for IPv6
>
> So it is... thanks.
>
> next question: what ports to supply? I just allowed 1..65535 but I'm not
> getting any pings through to my actual firewall. They seem to stop at
> the router. I'm verifying this by my firewall logs. Which contain icmp
> entries for the 4th, but not for the 5th. My logging rules haven't
> changed, therefore I suspect the router.

Hmm...

Someone please correct me if I get this wrong but,

ICMP doesn't actually have ports, it has types. If the port setting corresponds
to the type you won't be working because type/port 0 is echo reply. Try
pinholing 0..255 as 255 is the highest type.

>
>
> I'm suspecting the same of traceroute because I can't get that working
> either. For that, I've allowed udp ports 1..65535 as well. I'm getting
> confused as to why neither protocol is reaching my firewall.

I guess that's for the same reasons as above.

Cheers,

Andrew

--
Too much procrastination will make you blind.
        -- Me.
           August 2000.
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
Received on Tue Dec 5 13:53:55 2000
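
The type-versus-port point from the reply above, as an added example that is not part of the original message. It builds constructed ICMP echo packets and shows which field a range filter has to compare, assuming (as the reply supposes) that the router matches a pinhole's range against the ICMP type; `selector`, `pinhole_allows` and the addresses are hypothetical names and sample values.

```python
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17   # IP protocol numbers (/etc/protocols)
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8     # ICMP types

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over data with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(icmp_type: int, ident=1, seq=1, payload=b"ping") -> bytes:
    """Constructed sample input: IPv4 packet carrying an ICMP echo message."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     PROTO_ICMP, 0,
                     bytes([203, 0, 113, 5]),    # constructed source address
                     bytes([192, 168, 1, 10]))   # constructed inside host
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + icmp

def selector(packet: bytes):
    """Return (protocol, value a range rule can compare) for an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]
    if proto == PROTO_ICMP:
        return proto, packet[ihl]         # ICMP has no ports: first byte is the type
    if proto in (PROTO_TCP, PROTO_UDP):
        # destination port is bytes 2-3 of the TCP/UDP header
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None                    # other protocols: nothing to range-match

def pinhole_allows(packet: bytes, proto: int, low: int, high: int) -> bool:
    """Assumed router behaviour: the configured range is matched against the selector."""
    p, value = selector(packet)
    return p == proto and value is not None and low <= value <= high

if __name__ == "__main__":
    for name, t in (("echo request", ICMP_ECHO_REQUEST), ("echo reply", ICMP_ECHO_REPLY)):
        pkt = build_icmp_echo(t)
        print(name, "type", t,
              "| 1..65535:", pinhole_allows(pkt, PROTO_ICMP, 1, 65535),
              "| 0..255:", pinhole_allows(pkt, PROTO_ICMP, 0, 255))
```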
