Hello,
I try to config my SRX650.
I defined my interfaces and zones (TRUST, UNTRUST and DMZ).
I can ping all interfaces of the SRX650 (public @ DMZ, 10.1.5.2 INTERCO, and
public @ UNTRUST)
I can ping outside hosts as 8.8.8.8 for example.
I can ping my INTERCO interface 10.1.5.1
But I
On (2011-08-19 19:03 -0400), Stefan Fouant wrote:
This is the nature of stateless firewall-filters guys... It has been this way
since the beginning and everybody else seems to understand this behavior. I
don't see anybody else screaming that this is a gaping security hole. You do
realize
Hi Saku,
I think we are simply getting the wires crossed. Your original email stated
Trio appears to change this, in inet6 simply doing 'match port X' without
'match next-header tcp|udp' correctly finds port X, regardless of its position
in the frame (you can move the UDP/TCP port position
On (2011-08-18 21:23 -0400), Stefan Fouant wrote:
Trio has nothing to do with this - the behavior when matching on a
port is completely different than using the bit-field match
operators. Even without Trio, if you specify a match on a port
without protocol, it will look in the appropriate
This is the nature of stateless firewall-filters guys... It has been this way
since the beginning and everybody else seems to understand this behavior. I
don't see anybody else screaming that this is a gaping security hole. You do
realize that this is no different than ACLs on Cisco right? If
inconsistency?
I would say gaping security hole. I wonder how many routers out there are
setup to pass any IP packet with ACK bit turned on.
Nick
On Fri, Aug 19, 2011 at 5:50 PM, Stefan Fouant
sfou...@shortestpathfirst.net wrote:
Hi Saku,
'tcp-established' or any of the other TCP bit-field
Martin,
I think the fact that any of the pings are succeeding is accidental.
Based on my initial glance at your firewall filter, you are not permitting ICMP
echo request messages and the final term drop is discarding traffic. I would
therefore, expect all pings to fail completely. The reason
On 8/18/2011 3:18 PM, Saku Ytti wrote:
On (2011-08-18 10:28 -0400), Stefan Fouant wrote:
established. This can cause strange behavior since it's only looking
for it a simple bit match against the TCP ACK or RST fields.
However because you are not tying it specifically to TCP traffic,
any
Hi everyone,
I have some MX240 routers that have been configured with four extra
routing-instances. Each routing instance has interface routes and a
default route pointing to a different transit provider.
If I try to ping with the routing-instance and source options, I
get:
ping:
Are you working on 9.1+ JUNOS version? ;) (cf: Bizaare bug of the year award
:p)
From: [EMAIL PROTECTED] on behalf of SunnyDay
Sent: Fri 26/09/2008 12:03
To: Juniper-Nsp
Subject: [j-nsp] ping output
hello anyone can explain this output has 200% success
its JUNOSe
[EMAIL PROTECTED] wrote:
Are you working on 9.1+ JUNOS version? ;) (cf: Bizaare bug of the year award
:p)
From: [EMAIL PROTECTED] on behalf of SunnyDay
Sent: Fri 26/09/2008 12:03
To: Juniper-Nsp
Subject: [j-nsp] ping output
hello anyone can
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of SunnyDay
Sent: 26 September 2008 11:03
To: Juniper-Nsp
Subject: [j-nsp] ping output
hello anyone can explain this output has 200% success?
bras01:(config)#run ping x.x.x.x
Sending 5 ICMP
* SunnyDay
hello anyone can explain this output has 200% success?
bras01:(config)#run ping x.x.x.x
Sending 5 ICMP echoes to x.x.x.x, timeout = 2 sec.
!
Success rate = 200% (10/5), round-trip min/avg/max = 0/1/9 ms
bras01:(config)#
Could you be pinging the broadcast adress of a
I have seen this before... packets were being duplicated by the Optical
network.
Anand
Leigh Porter [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/26/2008 06:12 AM
To
SunnyDay [EMAIL PROTECTED]
cc
Juniper-Nsp juniper-nsp@puck.nether.net
Subject
Re: [j-nsp] ping output
Duplicate
Hello
i tried to ping from an E320 to another router and i got the ouput
LLL anyone know what it means??
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
PROTECTED]
To: Juniper-Nsp juniper-nsp@puck.nether.net
Sent: Friday, March 07, 2008 7:47 PM
Subject: [j-nsp] Ping
Hello
i tried to ping from an E320 to another router and i got the ouput
LLL anyone know what it means??
___
juniper-nsp
16 matches
Mail list logo