>IP fw-out deny eth0 ICMP/3 x.x.x.x y.y.y.y L=108 S=0xC0 I=26547 F=0x0000 T=64
These are ICMP Destination Unreachables and they should NOT
be filtered out. TCP/IP needs ICMP!
>And I have the following outgoing firewall rules set up for ICMP (assuming
>this is where it is):
>
> ipfwadm -O -a accept -P icmp -W $EXTERNAL_INTERFACE \
> -S $IPADDR 0 4 8 12 -D $ANYWHERE
>
> ipfwadm -O -a accept -P icmp -W $EXTERNAL_INTERFACE \
> -S $IPADDR 3 11 -D $DHCP_SERVERS
>
> ipfwadm -O -a deny -P icmp -o -W $EXTERNAL_INTERFACE \
> -S $ANYWHERE -D $ANYWHERE
Why are you filtering ICMP?
>Can someone explain what this is, and offer a suggested change to my
>firewall rules to eliminate this error?
Delete all your ICMP lines in your ruleset!
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
