No, I was talking about different SRC IPs. For example, if you have "telnetted" to the router from one interface and are trying to ping the outside world, then the SRC IP of outgoing packets in this case will be the IP of the interface you came into the router from, not the "outgoing" one.
[d@e]~# ipfw zero 1
Entry 1 cleared
[d@e]~# ping -c2 -q 10.1.3.2
PING 10.1.3.2 (10.1.3.2): 56 data bytes

--- 10.1.3.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.653/0.657/0.661/0.004 ms
[d@e]~# ipfw sh 1
00001 2 168 count icmp from any to any out xmit vlan3
[d@e]~#route -n get 10.1.3.2
route to: 10.1.3.2
destination: 10.1.3.2
interface: vlan3
Hi,
Am I delirious?! -
FastEthernet3/0/0 is up, line protocol is up
  Internet address is A.A.A.A/24
  [ ... ]
  Outgoing access list is fw-out

#sh ip access-lists fw-out
Extended IP access list fw-out
    permit icmp host A.A.A.A any log
    permit ip any any
An attempt to traceroute from this router to the outside world is not reflected in any way, neither in the matches of the show command nor in the logs. Does this apply to all traffic generated _inside_ the router? Actually, it all started with an attempt to configure a reflexive ACL... I have some vague recollection that such traffic is handled in a special way, but surely not to the extent of not being matched in outgoing access lists! :)
OK, moving on... Anything can happen, so I disabled CEF. Same shit, different day... Just for laughs I changed permit icmp to deny icmp: nothing gets denied at all, the trace works. 75xx platform, 12.0(29)S.
Any comments?
Thanks.
/doka
==================================================================
uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
-- Regards,
Oleh Hrynchuk Mobile: +380675025446 E-mail: oleh@nextra.cz
=================================================================--
NO37-RIPE