> > Why are you using firewall at all ? You don't appear to need it.
>
> I need it to stop AmprNET users accessing the internet via my site - it is
> not legal for them to do so in this country (besides, my phone bill would
> be massive @3.95 pence / min :-( (that's weekdays)... The reverse is also
> true. I also didn't want to masq. all routes, just some of them, so
> obviously I have to tune the firewall appropriately.
They won't be able to in any case. They may be able to inject datagrams
into the Internet, but they certainly won't have any responses routed
back that way. You could use an Output filter on your ISP link that
filtered any datagrams with a source address of 44.* to prevent them
in the forward direction.
> > So, to summarise the problem again:
> >
> > g7tgr is a linux based router running 2.0.29 revision kernel with
> > AX.25 and IPIP encap support. It has an IPIP tunnel to g7szb via
> > an AX.25 lan. When you attempt to ftp files between g7tgr and
> > any of the MS Windows for Workgroups hosts on the ethernet network
> > supported by g7szb, you get kernel panics on g7tgr ?
>
> G7SZB is the FTP Host (10.0.0.1)
> My client is 192.168.2.6 (a wfwg box).
> All other details correct.
Oh, ok, so I have the problem the other way around, it is when you are
using a WFW machine on your ethernet segment to an ftp server via the
tunnel that causes the panic on your local router (g7tgr).
> > Have you confirmed that you do _not_ get kernel panics when you
> > ftp to/from g7szb itself ? Is there any difference between ftping
> > to the 44.* address of g7szb and ftping to the non-44.* address of
> > g7szb ?
>
> Yes, and Yes - G7TGR<>G7SZB (ie linux to linux) works fine via the tunnel
> (only tried it once though). G7SZB (44) <> 192.168.2.6 via G7TGR using
> masq rather than the tunnel works fine. Only using either W95 or Wfwg via
> the Tunnel causes the Kernel Panic at my End. Haven't tried reversing the
> roles yet, but I am assuming that SZB's linux box will crash - the setups
> are almost identical.
Ok, try setting the mtu/mss on your wfw machine to something low enough
that the datagram will not be fragmented at your router (g7tgr) in the
forward direction. Perhaps it is a fragmentation thing ? Does the kernel
panic at the time you place the connection, or later when you start the
get/put ? Does it happen for both get and put or just one or the other ?
Terry
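
Added example, not part of the original message: Python that works out the largest client MTU and TCP MSS that cross an IPIP tunnel unfragmented, and lists the fragments a router would otherwise have to produce. The 256-byte link MTU and the function names are assumptions for illustration.

```python
# Added illustration; the MTU figures are constructed, not taken from the thread.
IP_HDR = 20         # IPv4 header, no options
TCP_HDR = 20        # TCP header, no options
IPIP_OVERHEAD = 20  # outer IPv4 header added by IPIP encapsulation


def max_unfragmented(tunnel_link_mtu):
    """Largest inner datagram and TCP MSS that cross the tunnel in one piece."""
    inner_mtu = tunnel_link_mtu - IPIP_OVERHEAD
    mss = inner_mtu - IP_HDR - TCP_HDR
    if mss <= 0:
        raise ValueError("link MTU too small for TCP inside IPIP")
    return inner_mtu, mss


def fragment(total_len, mtu):
    """Split an IPv4 datagram of total_len bytes for a link with this MTU.

    Returns (offset in 8-byte units, payload bytes, more-fragments flag) tuples.
    """
    payload = total_len - IP_HDR
    if total_len <= mtu:
        return [(0, payload, False)]
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    per_frag = (mtu - IP_HDR) // 8 * 8
    if per_frag <= 0:
        raise ValueError("MTU too small to fragment into")
    frags, offset = [], 0
    while offset < payload:
        size = min(per_frag, payload - offset)
        frags.append((offset // 8, size, offset + size < payload))
        offset += size
    return frags


if __name__ == "__main__":
    LINK_MTU = 256  # assumed MTU of the AX.25 link carrying the tunnel
    inner_mtu, mss = max_unfragmented(LINK_MTU)
    print(f"client MTU <= {inner_mtu}, MSS <= {mss} avoids fragmentation")
    # A full-size Ethernet datagram (1500 bytes) from the client would be split:
    for off, size, more in fragment(1500, inner_mtu):
        print(f"offset={off * 8:5d} payload={size:4d} MF={int(more)}")
```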