Changed ISP now can't get to websites / traceroute

[Stacey Roberts]

Hello Frank,

On Mon, 2003-07-07 at 19:23, Frank Knobbe wrote:
> On Mon, 2003-07-07 at 13:52, Stacey Roberts wrote:
> 
> > 2] Does anyone know of any reason why traceroute might fail on FreeBSD,
> > but work on Win2K Pro?
> 
> Stacey,
> 
> FreeBSD uses UDP based traceroute while Windows boxes use ICMP based
> traceroute. Some providers (like ComCast cable) block ICMP packets (so
> tracert on Windows fails), but let UDP packets through (which means that
> BSD based traceroute succeeds).
> 

Ahh.., that's got to be it.., I'll have a look at my ipfw ruleset and
see if there's something can be tweaked..,

For what its worth, here are the relevant statements that previously
worked with my PIPEX adsl connection:

$fwcmd add 00640 allow tcp from any to any out via $oif setup keep-state
uid root
$fwcmd add 00641 allow tcp from any to any in via $oif setup keep-state
uid root
$fwcmd add 00642 allow udp from me to any 33435-33500 out via $oif
keep-state
$fwcmd add 00643 allow icmp from any to me icmptype 3,11 in via $oif
limit src-addr 2
 
# Allow out ping function
$fwcmd add 00650 allow icmp from any to any out via $oif keep-state

And here's all the icmp-related statements:

$ grep -i icmp /etc/firewall/fwrules
$fwcmd add 00643 allow icmp from any to me icmptype 3,11 in via $oif
limit src-addr 2
$fwcmd add 00650 allow icmp from any to any out via $oif keep-state
$fwcmd add 00860 deny log icmp from any to me icmptype 0,8 in via $oif
$

These worked fine before.., Can't imagine why they wouldn't be okay now.

Thanks again for the info, Frank.., That's another one of those
things...,

Regards,

Stacey

> HTH,
> Frank
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com