Re: [2.1.47] Bug in Path MTU or PPP(?)

B. James Phillippe (bryan@Terran.ORG)
Fri, 1 Aug 1997 08:54:09 -0700 (PDT)


On Fri, 1 Aug 1997, Matt Kemner wrote:

> On Fri, 1 Aug 1997, B. James Phillippe wrote:
>
> bryan> On Fri, 1 Aug 1997, Alan Cox wrote:
> bryan>
> bryan> > Looks like the system you are dialing into has an MTU discovery problem or
> bryan> > someone firewalled ICMP packets on it.
>
> There's your problem - Default policy reject and only accept ICMP type 8
> (which is echo request) - so it only allows echo requests, no other ICMP
> types such as "host XXX unreachable - need to frag"
>
> This is bad, and that's what's causing your hassles..

You're being too quick to judge; keep looking through the output. There
is shortly a rule that allows all types of ICMP. The first is only for
logging ping. The second is just plain "allow ICMP". Types other than 8
should fall through to this (and it does have traffic).

[root@ts1 /root]# ipfwadm -Ile
IP firewall input rules, default policy: reject
pkts  bytes type prot opt  tosa tosx ifname ifaddress source   destination     ports
1278  118K  acc  icmp ---o 0xFF 0x00 any    any       anywhere anywhere        8
3122K 658M  acc  tcp  -k-- 0xFF 0x00 any    any       anywhere anywhere        any -> any
6401  735K  acc  icmp ---- 0xFF 0x00 any    any       anywhere anywhere        any
4723  213K  acc  all  ---- 0xFF 0x00 lo     any       anywhere anywhere        n/a
240K  24M   acc  all  b--- 0xFF 0x00 any    any       anywhere dialup-1/28     n/a
72    3168  acc  tcp  ---- 0xFF 0x00 any    any       anywhere ts1.sealabs.com any -> 22
363   64300 acc  udp  ---- 0xFF 0x00 any    any       anywhere ts1.sealabs.com domain -> any

-bp

B. James Phillippe <bryan@Terran.ORG>
UNIX, Linux, networks, programming and all that crap.
NIC:BJP4 # http://w3.terran.org/~bryan
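
Added example, not part of the original message: a first-match walk over the first three input rules from the listing above, showing which rule decides an ICMP echo request (type 8) and an ICMP destination unreachable (type 3, which carries "fragmentation needed"). The function names are hypothetical, and as a simplifying assumption only protocol and ICMP type are matched; interfaces, addresses and TCP flags are ignored.

```python
# Added illustration, not from the original post: first-match evaluation of
# ICMP packets against the first three input rules of the listing above
# (wrapped lines joined). Simplification: only protocol and ICMP type are
# matched; interfaces, addresses and TCP flags are ignored.

LISTING = """\
1278 118K acc icmp ---o 0xFF 0x00 any any anywhere anywhere 8
3122K 658M acc tcp -k-- 0xFF 0x00 any any anywhere anywhere any -> any
6401 735K acc icmp ---- 0xFF 0x00 any any anywhere anywhere any
"""
DEFAULT_POLICY = "reject"   # from "default policy: reject"
ECHO_REQUEST = 8
DEST_UNREACHABLE = 3        # carries "fragmentation needed" (code 4)


def parse_rules(listing):
    """Turn listing rows into dicts; for ICMP the ports column is the type."""
    rules = []
    for number, row in enumerate(listing.splitlines(), start=1):
        f = row.split()
        rules.append({
            "number": number,
            "action": f[2],
            "proto": f[3],
            "logged": "o" in f[4],          # 'o' in the opt column: logged
            "ports": " ".join(f[11:]),
        })
    return rules


def first_match(rules, proto, icmp_type=None):
    """Return (action, rule number, logged) of the first rule that matches."""
    for rule in rules:
        if rule["proto"] not in ("all", proto):
            continue
        if proto == "icmp" and rule["ports"] not in ("any", str(icmp_type)):
            continue
        return rule["action"], rule["number"], rule["logged"]
    return DEFAULT_POLICY, None, False


RULES = parse_rules(LISTING)
PING_RULE_ONLY = RULES[:1]  # constructed: the ruleset if it stopped at rule 1

if __name__ == "__main__":
    for name, rules in (("full", RULES), ("ping rule only", PING_RULE_ONLY)):
        for icmp_type in (ECHO_REQUEST, DEST_UNREACHABLE):
            print(name, icmp_type, first_match(rules, "icmp", icmp_type))
```

With the full list, type 3 falls through to rule 3 and is accepted; with the type 8 rule alone it reaches the default policy and is rejected.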