[Firehol-support] Re: cable tv internet
Grigory Fateyev
greg at anastasia.ru
Tue Dec 27 10:34:54 GMT 2005
Hello Daniel Pittman!
On Tue, 27 Dec 2005 10:29:35 +1100 you wrote:
> Grigory Fateyev <greg at anastasia.ru> writes:
> > On Mon, 26 Dec 2005 11:18:17 +1100 you wrote:
> >> Grigory Fateyev <greg at anastasia.ru> writes:
>
> [...]
>
> >> > I have cable tv network the so cald "home net". Wyhen i start
> >> > firehol ping have been lost. Why?
> >>
> >> Have you looked in the logs? Firehol, by default, writes log
> >messages > about blocked packets into the kernel message log, so they
> >should show > up in something like /var/log/syslog or
> >/var/log/messages. >
> >> That should tell you which rule is blocking your packets or, at
> >least, > give some hints about it. Post the log fragments here if
> >you can't > work it out yourself.
> >
> > Thanks for reply!
> >
> > Dec 26 15:30:50 greg kernel: OUT-home:IN= OUT=eth0 SRC=172.16.11.36
> > DST=213.180.204.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
> > PROTO=ICMP TYPE=8 CODE=0 ID=36423 SEQ=6
> >
> > When i ping ya.ru see this logs. The problem is SRC, it shows local
> > net ip not real ip.
>
> OK: You sent that ping from your firewall machine, and it was blocked
> because the 'home' ruleset does not permit outbound ping packets.
>
> Add 'client ping accept' to the 'home' section of the rules and the
> problem will go away.
Thanks for reply!
The problem was in GRE client. I accept it and all is working!
--
Всего наилучшего!
greg [at] anastasia [dot] ru Григорий.
More information about the Firehol-support
mailing list