Hello ! AFAIK, ICMP ping packets, originated from Cisco router running IOS, will be sourced from primary IP address of egress interface. P.S. Is it necessary to use English here ? I am quite sure that everybody in list knows Russian and/or Ukrainian. Better than English at least. :) On Mon, Mar 14, 2005 at 04:31:14PM +0200, Oleh Hrynchuk wrote:
No, I told about different SRC IPs. For example if you have "telnetted" to router from one interface and are trying to ping outside world then SRC IP of outgoing packets in this case will be IP of interface you come in router from, not "outgoing" one.
[d@e]~# ipfw zero 1 Entry 1 cleared [d@e]~# ping -c2 -q 10.1.3.2 PING 10.1.3.2 (10.1.3.2): 56 data bytes
--- 10.1.3.2 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.653/0.657/0.661/0.004 ms [d@e]~# ipfw sh 1 00001 2 168 count icmp from any to any out xmit vlan3 [d@e]~#route -n get 10.1.3.2 route to: 10.1.3.2 destination: 10.1.3.2 interface: vlan3
Hi,
? ??????! -
FastEthernet3/0/0 is up, line protocol is up Internet address is A.A.A.A/24 [ ... ] Outgoing access list is fw-out
#sh ip access-lists fw-out Extended IP access list fw-out permit icmp host A.A.A.A any log permit ip any any
??????? ???????????? ? ????? ?????????????? ?? ??????? ??? ????? ?? ?????????? ?? ? matches ??????? show, ?? ? ?????. ??? ???????? ??????? ???????, ???????????? _??????_ ??????????????? ??????????, ???????? ??? ? ??????? ????????? ???????????? ACL... ???-?? ? ???? ? ?????? ???????? ?????-?? ???????????? ? ???, ??? ????? ?????? ?????????????? ? ?????????????, ?? ?? ????????? ??, ????? ? outgoing access-list'?? ?? ?????????! :)
?????, ???? ??????... รท???? ?????? - ???????? CEF. Same shit, different day... ????? ???? ?????? permit icmp ?? deny icmp - ?? ???? ?? ????????, ????? ????????. 75-? ?????????, 12.0(29)S.
Any comments?
???????.
/doka
==================================================================> > uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
-- Regards,
Oleh Hrynchuk Mobile: +380675025446 E-mail: oleh@nextra.cz
=================================================================--
NO37-RIPE
-- Regards,
Oleh Hrynchuk Mobile: +380675025446 E-mail: oleh@nextra.cz
=================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
-- S/Y, Alexander, MD, nic-hdl: AJP1-UANIC =================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message