I have a -current install from just before egcs and am using DummyNet to experiment with network protocols. I've been applying the rules to the loopback device so as to prevent other interference. It seems to work well, except that ICMP seems not to be working for me. At one point in the past, I am certain that it did work. Here is the ruleset:
sleipnir:/homea/robert# ipfw list 00001 pipe 5 ip from 127.0.0.1 to 127.0.0.1 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 65000 allow ip from any to any 65535 deny ip from any to any The pipe is configured: sleipnir:/homea/robert# ipfw pipe 5 config bw 10Mbit/s delay 150ms And ping localhost simply doesn't get any response, except once in a blue moon when a 600ms packet turns up. Tcpdump indicates that packets are going out but not being responded to: tcpdump: listening on lo0 13:02:09.201061 127.0.0.1 > 127.0.0.1: icmp: echo request 13:02:10.211104 127.0.0.1 > 127.0.0.1: icmp: echo request 13:02:11.221089 127.0.0.1 > 127.0.0.1: icmp: echo request 13:02:12.231110 127.0.0.1 > 127.0.0.1: icmp: echo request 13:02:13.241125 127.0.0.1 > 127.0.0.1: icmp: echo request When I load up tcpdump, I see: Apr 30 13:02:28 sleipnir last message repeated 19 times Apr 30 13:02:29 sleipnir /kernel: lo0: promiscuous mode enabled Apr 30 13:02:29 sleipnir /kernel: looutput: af=0 unexpected Normal UDP/TCP/etc all seem to get there fine, just not any ICMP (or at least not pings). For example, the ICMP port unreachable packet for telneting to an invalid port also disappears. Any advice here would be quite welcome :) Robert N Watson rob...@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ Safeport Network Services http://www.safeport.com/ To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
