On Thu, 30 Sep 2004, Frank Volf wrote:
Hisashi T Fujinaka wrote:
OK, so if anyone can help, here's my problem. I can't ping my machine at
home. I have the following rules:
pass out on le0 proto icmp from any to any keep state
pass in quick on le0 proto icmp from any to x.x.x.x/32
Shouldn't you be using keep state on the incoming packet:
pass in quick on le0 proto icmp from any to x.x.x.x/32 keep state
That way, you don't need the pass out rule.
Frank
And pinging from outside the logs show:
Sep 28 23:21:14 fls ipmon[137]: 23:21:13.930960 le0 @0:67 p outside[y.y.y.y] ->
gateway[x.x.x.x] PR icmp len 20 84 icmp echo/0 IN
Sep 28 23:21:14 fls ipmon[137]: 23:21:13.931469 le0 @0:46 b gateway[x.x.x.x] ->
outside[y.y.y.y] PR icmp len 20 84 icmp echoreply/0 K-S OUT
The rules haven't changed and the box used to be pingable. I don't know
if a misconfigured rule is now being enforced or something.
Any help would be greatly appreciated.
Thanks! That works, too!
I guess the remaining question is: why did it quit working lately? Maybe
it should have worked before?
--
Hisashi T Fujinaka - [EMAIL PROTECTED]
BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte
