Re: IPFILTER_DEFAULT_BLOCK & No route to host

From: echelon (e_chelon_at_yahoo.com)
Date: 09/30/03

Next message: Dag-Erling Smørgrav: "Re: FreeBSD-SA-03:15.openssh"

Previous message: Nikolay Kanchev: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Maybe in reply to: echelon: "IPFILTER_DEFAULT_BLOCK & No route to host"
Next in thread: Dag-Erling Smørgrav: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Reply: Dag-Erling Smørgrav: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Sep 2003 04:23:25 -0700 (PDT)
To: Darren Reed <avalon@caligula.anu.edu.au>

Ok, may be this is fine to get "No route to host" when ping 127.0.0.1/ localhost if
IPFILTER_DEFAULT_BLOCK option is set.

However, I use the following rules for the internal network interface (xl1)

# Group 9000 (internal network interface)
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 23 group 9000
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 21 group 9000
pass in quick on xl1 all group 9000

With these rules, I believe I should able to ping and SSH the freebsd box from my internal network
no matter the option IPFILTER_DEFAULT_BLOCK is set or not.

However, this is true only if the IPFILTER_DEFAULT_BLOCK option is removed.

The same rules were used with IPFilter 3.4.18 on FreeBSD 4.2 and no such problem was
encountered.

Thanks.

e_chelon
--- Darren Reed <avalon@caligula.anu.edu.au> wrote:
>
> That's how it is meant to work.
>
> Good to know it's working as intended.
>
> Cheers,
> Darren
>

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Dag-Erling Smørgrav: "Re: FreeBSD-SA-03:15.openssh"

Previous message: Nikolay Kanchev: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Maybe in reply to: echelon: "IPFILTER_DEFAULT_BLOCK & No route to host"
Next in thread: Dag-Erling Smørgrav: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Reply: Dag-Erling Smørgrav: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

ndis0: No buffer space available
... FreeBSD mosca.doom 5.2.1-RELEASE-p9 FreeBSD ... PING a: 56 data bytes ... ping: sendto: No buffer space available ... Información de Estados Unidos y América Latina, en Yahoo! ...
(freebsd-questions)
RE: SSH --Fixed
... can you ping your freebsd from xp. ... Yahoo! ... Sports ...
(freebsd-questions)
Re: IPFILTER_DEFAULT_BLOCK & No route to host
... I use the following rules for the internal network interface ... I believe I should able to ping and SSH the freebsd box from my internal network ... Do you Yahoo!? ...
(freebsd-stable)
interface woes, interface is up and has an ip assigned to it, but it cannot ping out and it cant be
... ifconfig shows them to be pcn0 and pcn1. ... i cannot ping another system from the FreeBSD box through either of the ... i can however ping the NIC's themselves from the FreeBSD box. ... Do you Yahoo!? ...
(freebsd-questions)
3NIC+ 2NAT
... NIC1 --> Internal Network /24 ... NIC2 --> OutSide World ... "FreeBSD is the Best Performance OS Ever Made!" ... Find out what made the Top Yahoo! ...
(freebsd-net)