New Zealand ADSL Mailing List


RE: icmp pinholes

From: Dan Langille <dan_at_langille.org>
Date: Tue, 5 Dec 2000 14:45:37 +1300
Message-Id: <200012050145.OAA98025@ducky.nz.freebsd.org>

On 5 Dec 2000, at 13:58, rob.edkins@axon.co.nz wrote:

> Ports shouldn't apply to ICMP.
>
> On the M10/M11 it didn't seem to matter what ports you put, but some posted
> a while back suggesting that for non-tcp/udp protocols on the M1122, the
> port numbers should be set to 0.

Here's what I'm trying now:

start 0, end 0, number of ports 1, protocol 1

yet I do this: # tcpdump -i ed0 icmp

and the only pings which turn up are those I initiate:

ping -c 1 www.actrix.gen.nz

gives:

# tcpdump -i ed0 icmp
tcpdump: listening on ed0
14:44:03.501380 ducky.nz.freebsd.org > www.actrix.gen.nz: icmp: echo request
14:44:03.562480 www.actrix.gen.nz > ducky.nz.freebsd.org: icmp: echo reply

Hmmm. So pings out are OK. Pings in don't get to the firewall. They
appear to be stopped at the router.

I guess my first question should be: who has pings hitting their firewall
inside an M1122?

--
Dan Langille
The FreeBSD Diary - http://www.freebsddiary.org/
          NZ ADSL - http://www.unixathome.org/adsl/
     NZ Broadband - http://www.unixathome.org/broadband/
Received on Tue Dec 5 14:46:44 2000