So we've got an issue that's been perplexing us.
We're using a FreeBSD box as a router, with 1 NIC set to a low MTU (VPN reasons) and another NIC set to a normal MTU.
NIC 1 is the route out to the internet + IPSec interface - MTU = 1350
NIC 2 is the route into our network - MTU = 1500...
On starting my PC, I could not get the ICMP commands (ping, etc.) to work. Needless to say, services like email don't work, but not web servers, which surprisingly work. Webpages are accessible. I always have to run "service pf reload" but email server and ICMP commands would work.
Below is my pf...
I am new to Linux/BSD.
I am using a Debian system with a KFreeBSD kernel.
Whenever I try to initiate PF with the pf.conf as below, it gives the error as in the image.
My pf.conf is,
pass inet proto icmp from any to any
pass log (all) proto icmp from any to any
altq on le0 cbq bandwidth 500Kb...
My servers Dreamer and Wren each have two interfaces, connected to two routers. The re0 interfaces are connected to the 192.168.14.* subnet, and the re1 interfaces are connected to the 192.168.1.* subnet. The 192.168.1.* subnet originates at a Verizon router, which is also upstream from an...
I don't fully understand ICMP. Some Internet servers, as I've read, can function perfectly with ICMP completely blocked, but I don't necessarily want to block them all in my firewall.
Which ICMP types can be completely blocked (from any direction) to mitigate portscans?
Would blocking all ICMP...