On Wed, 17 May 2006 15:15:49 +1200 Volker Kuhlmann <[EMAIL PROTECTED]> wrote:
> > Bug 1: it never accepts pings from internal,server, or outside (just logs
> > and dumps).
> > Wrong.
> > PING 192.168.3.5 (192.168.3.5) 56(84) bytes of data.
> > 64 bytes from 192.168.3.5: icmp_seq=1 ttl=127 time=0.502 ms
>
> I'm not interested in silly arguments, feel free to come over and look
> for yourself that the ping never comes back. I've reinstalled several
> times now too, and I've checked several times now and feel quite
> confident that what I'm saying is correct.
>
> > > tcp port outside... and the user setup doesn't allow configuration of
> > > anything but udp or tcp.
> > Wrong.
> > GRE DEFAULT IP : GRE => 192.168.xxx.yyy : GRE VPN
>
> This is silly nitpicking. Yes *one* of the GUI tabs allows for GRE on
> top of tcp or udp. "DMZ pinholes" does not. Still doesn't allow to enter
> icmp, or any other of the IP, does it?
>
> > Sorry Volker, you're just plain wrong on most of your points.
>
> Really? Like which - that it doesn't support egress filtering?
>
> > Are you
> > using the current version? It's at 1.4.10.
>
> Yes (see answer to Nick).
>
> > What netmasks are you using? Default for 10.x is class A which will
> > screw your routing.
>
> I'm not that stupid ;) 255.255.255.240, so I can test it all on the same
> class C. The fact that all tcp are routed as expected, but the ping
> responses fail to materialise, is a dead give-away. So is pings suddenly
> working after adding corresponding iptables rules: nothing to do with
> interface addresses or routing tables, only with dodgy iptables rules.
>
> I've just had a look at Endian firewall - based on ipcop. The pings just
> work - yes on the same IP numbers and masks. The port forwarding and
> pinholing masks are as badly designed as ipcop's (i.e., identical), in
> many other places the BUI is much improved - dhcp server config is very
> nice, and clearly distinguishes between interfaces (can't remember
> whether ipcop even did that). Traffic shaping's not any better (only
> works on external interface), but the outbound filtering setup is good,
> and as I expect from any router worth mentioning. Nice SMTP proxy too,
> by the looks of the BUI.
>
> Volker
>
> --
> Volker Kuhlmann is list0570 with the domain in header
> http://volker.dnsalias.net/ Please do not CC list postings to me.

... as long as you're not using 10.x.y.0, .15, .16, .31 etc, I'm not too sure what is not working on your implementation. As for the rest, I bow to your 8 hours of experience, and bow out of this discussion.

Steve
