On Sunday, December 14, 2003, at 01:49 AM, Ian Moore wrote:
# Allow outgoing pings
${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}

where I have defined ${oif} as
oif="xl1"
where xl1 is my external interface

The above lines don't allow pings to the outside world, but if I comment out
via ${oif} then it does allow them.

I'd have to know more about your firewall to be certain, but it looks kind of like you've overlooked the IPFW rules that would be needed by your internal interface. If the external interface allows pings but the internal doesn't, then it won't let pings pass through the box. They will be stopped at the internal interface on their way from your internal workstation to the firewall.


                                                                Hope that helps,
                                                                Jaime

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
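
The diagnosis in the reply above, as an added example that is not part of the original thread: a ping forwarded through the gateway is checked on both interfaces, so rules restricted with "via ${oif}" cover only half of its path. The internal interface name xl0 and the helper functions ping_rules and missing_hops are assumptions made for illustration.

```sh
# Added example, not from the original thread.
# Dry run: fwcmd only prints the rules. On a real FreeBSD gateway it would be
# fwcmd="/sbin/ipfw", as in the poster's firewall script.
fwcmd="echo ipfw"
oif="xl1"   # external interface, from the original post
iif="xl0"   # internal interface: assumed name, not given in the thread

# A packet routed through the box is checked twice: inbound on the interface
# it arrives on and outbound on the interface it leaves from.
ping_rules() {
    # Echo request (type 8): LAN host -> in on iif -> out on oif
    ${fwcmd} add pass icmp from any to any icmptypes 8 in via "${iif}"
    ${fwcmd} add pass icmp from any to any icmptypes 8 out via "${oif}"
    # Echo reply (type 0): remote host -> in on oif -> out on iif
    ${fwcmd} add pass icmp from any to any icmptypes 0 in via "${oif}"
    ${fwcmd} add pass icmp from any to any icmptypes 0 out via "${iif}"
}

# List the hops of a forwarded ping that a ruleset (read from stdin) does not
# pass. Simplification: only rules written in the exact form above are
# recognised; a rule without "via" (matching every interface) is not.
missing_hops() {
    rules=$(cat)
    for hop in "8 in via ${iif}" "8 out via ${oif}" \
               "0 in via ${oif}" "0 out via ${iif}"; do
        case "${rules}" in
            *"icmptypes ${hop}"*) ;;
            *) echo "icmptypes ${hop}" ;;
        esac
    done
}

# Constructed sample: the two rules from the original post, with ${oif} expanded.
posted_rules="add pass icmp from any to any icmptypes 8 out via xl1
add pass icmp from any to any icmptypes 0 in via xl1"

echo "Hops not covered by the posted rules:"
printf '%s\n' "${posted_rules}" | missing_hops
echo "Rules covering the whole path:"
ping_rules
```

The two hops it reports for the posted rules are both on the internal interface, which is where the reply says the pings are being stopped.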
