Thread: pf, ping and traceroute




pf, ping and traceroute
Australia
2007-09-10 22:39:59
greetings all,

i am new to pf and freebsd (v6.2-R), while i have been using freebsd for about ten years .. i stopped at about v2.2.5 (or 7) it worked for me and on a 386dx33 with 8 mb dram it was perfect.

now i am slowly coming to terms with freebsd v6.2, i did it in one step, from v2 to v6 it is a big cultural shift.

my question is to do with pf and the using of things like ping and traceroute, using pf (any sort of a generic 'firewall' device/application/whatever) seems to preclude or severely limit my ability to do/use tools like ping/traceroute to test/check/verify whatever the usual admin functionality. i've read (and reread, and rerea..) the documentation to me (with my learning difficulties) it is hard very hard to understand.

i get that it is part of the functionality to stop outside stuff garbage bad people from getting to the inside but how do i make a "hole" in the 'firewall' for ping/traceroute without opening up the firewall to let the same (ping/traceroute/etc) stuff come in from the outside ????

apologies for my poor writing.

kind regards appreciations and thanks

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"

Re: pf, ping and traceroute
2007-09-11 04:07:45
On 9/10/07, jonathan michaels <joncaamora.com.au> wrote:
>
> i get that it is part of the functionality to stop outside stuff
> garbage bad people from getting to the inside but how do i make a
> "hole" in the 'firewall' for ping/traceroute without opening up the
> firewall to let the same (ping/traceroute/etc) stuff come in from the
> outside ????
>

PF was developed by OpenBSD, so their documentation is mostly authoritative.  Keep in mind the PF found in FreeBSD is slightly different -- it isn't as new, for the most part (much of that changed recently thanks to Max Laier).

Anyway, have you read the OpenBSD documentation?

http://www.openbsd.org/faq/pf/

Focus on understanding how the directions work (e.g. pass in vs. pass out) and also 'keep state.'  Understanding states is critical... have you figured out how those work yet?

Are you filtering on a router? Switch? Server?

-Kian

Re: pf, ping and traceroute
Australia
2007-09-11 06:38:41
On Tue, Sep 11, 2007 at 02:07:45AM -0700, Kian Mohageri wrote:
> On 9/10/07, jonathan michaels <joncaamora.com.au> wrote:
> >
> > i get that it is part of the functionality to stop outside stuff
> > garbage bad people from getting to the inside but how do i make a
> > "hole" in the 'firewall' for ping/traceroute without opening up the
> > firewall to let the same (ping/traceroute/etc) stuff come in from the
> > outside ????
> >
>
> PF was developed by OpenBSD, so their documentation is mostly
> authoritative.  Keep in mind the PF found in FreeBSD is slightly
> different -- it isn't as new, for the most part (much of that changed
> recently thanks to Max Laier).
>
> Anyway, have you read the OpenBSD documentation?

yes, but,

> http://www.openbsd.org/faq/pf/

yes, kian, my basic problem is that english is not my first language and i still have difficulty understanding the way that the document is written.

> Focus on understanding how the directions work (e.g. pass in vs. pass
> out) and also 'keep state.'  Understanding states is critical... have
> you figured out how those work yet?

i think that i have .. but, i have a way to go yet i think. learning for me is a hard process of reading and reading and reading until i understand it and i can get it past the damaged bits of my brain.

sorry, i don't have any other way of explaining what is going on.

> Are you filtering on a router? Switch? Server?

pentium 133 mhz that is running freebsd v6.2 and i am using the included version pf. so i suppose that it is a server, yes ??

my internet connection is via a v.90 dialup modem that provides me a permanent connected ppp style connection/account (been using some 10 plus years).

ext_if=ppp0 = this is the modem, on serial (comm0/cuad0 ) port 1
int_if=de0 = nic, accton en1203 21040 (a digital 10 mhz clone)

this is all that there is, so i suppose its a simple router ??

i am thinking of using pf to defend all the internal machines from stuff that makes it through the firewall, is this possible (there seems to be nothing, that i have been able to find/understand in the doc or via google) ??

this means that i am looking at using ipfw as a secondary firewall, or just as a filter kind of thing to keep out the stuff that is making it through the firewall.


> -Kian

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
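
A minimal pf.conf sketch of the direction-plus-state approach Kian points to, using the external interface name given in the message above. It is an added example, not part of the original thread; the rule set and the traceroute port range are assumptions for FreeBSD 6.2's pf and a default UDP traceroute.

```conf
# Added example, not from the thread. ext_if is the poster's interface;
# everything else is an assumed minimal rule set for illustration.
ext_if = "ppp0"    # V.90 dial-up PPP link (the outside)

# 1. Nothing new may enter from the outside. Echo requests and traceroute
#    probes sent by other hosts match this rule and are dropped.
block in on $ext_if all

# 2. Outbound ping (and "traceroute -I"): let echo requests leave and
#    create a state entry. The echo reply matches that state, so it is
#    let back in although rule 1 blocks everything else inbound.
pass out on $ext_if inet proto icmp all icmp-type echoreq keep state

# 3. Outbound traceroute in its default UDP mode: probes start at port
#    33434. "33433 >< 33626" is pf's exclusive range (ports 33434-33625).
pass out on $ext_if inet proto udp from any to any \
    port 33433 >< 33626 keep state

# The ICMP time-exceeded and port-unreachable errors that routers send
# back quote the probe that created the state, so pf matches them to
# that state and accepts them without any "pass in" rule.

# What NOT to add: a stateless inbound hole such as
#   pass in on $ext_if inet proto icmp all
# lets outside hosts ping and probe through the firewall, which is
# exactly what the question wants to avoid.

# Other outbound traffic (TCP, DNS, ...) needs its own
# "pass out ... keep state" rules; they are omitted here.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and run `pfctl -ss` while a ping is in progress to see the state entry that admits the reply.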