Re: [Fwknop-discuss] fwknop-2.5-pre2

Wed, 03 Jul 2013 20:58:12 -0700 

On 7/3/13 8:23 PM, Michael Rash wrote:
> On Jul 03, 2013, Blair Zajac wrote:
>> On 6/11/13 2:35 PM, Michael Rash wrote:
>>> On Jun 11, 2013, Blair Zajac wrote:
>>>> On 6/10/13 8:12 PM, Michael Rash wrote:
>>> Now, the above assumes that the test suite is working properly to begin
>>> with on your system, and the previous output you sent makes me suspect
>>> that you may need to adjust your local ipfw policy to accept traffic
>>> over the loopback interface since fwknopd didn't appear to receive any
>>> SPA traffic.
>>
>> Yup, appears like that.  What do you suggest to test this correctly?
>
> Perhaps adding a rule like "ipfw 00010 allow all from any to any via lo0"
> would work?  You can test with tcpdump and netcat - the following
> scenario works, then the fwknop test suite should also work I think:

This doesn't work:

# ipfw 00010 allow all from any to any via lo0
ipfw: bad command `allow'

> # tcpdump -i lo0 -l -nn -s 0 -X port 62201
> # echo "test" | nc -u 127.0.0.1 62201

This works with no ipfw changes:

# tcpdump -i lo0 -l -nn -s 0 -X port 62201
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
20:54:42.886619 IP 127.0.0.1.64601 > 127.0.0.1.62201: UDP, length 5
        0x0000:  4500 0021 1bb4 0000 4011 0000 7f00 0001  E..!....@.......
        0x0010:  7f00 0001 fc59 f2f9 000d fe20 7465 7374  .....Y......test
        0x0020:  0a                                       .
^C
1 packets captured
2 packets received by filter
0 packets dropped by kernel


> If you see the packet in the tcpdump output, then ipfw is not in the
> way, and hence fwknop traffic should also be seen by fwknopd over
> loopback.

BTW, if you want to punt on PPC support, that's fine with me.  I have a 
patched 2.0.4 that works.  I'm hoping to get the next generation of 
MacBook Pro, whenever that is, so the x86_86 version should work.

Blair

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss

Reply via email to