why is that ? about firewall

sioux · Wed Jan 10, 2007 3:29 pm

hi all
suppose that i have clear router configuration and pinging for example google.com from host which is behind router I get this:

Badanie google.com [72.14.207.99] z użyciem 32 bajtów danych:

Odpowiedź z 72.14.207.99: bajtów=32 czas=161ms TTL=242
Odpowiedź z 72.14.207.99: bajtów=32 czas=142ms TTL=242

and when I add this rule to firewall configuration

ip firewall filter add chan=forward dst-port=80 action=drop

I don't recives echo-replays!?

why? what dst-port=80 has to icmp protocol??

when I add protocol=tcp to rule above everything is ok.

Wed Jan 10, 2007 3:32 pm

you HAVE TO add protocol, or the port setting won't take effect, and will block google altogether

sioux · Wed Jan 10, 2007 3:53 pm

you HAVE TO add protocol, or the port setting won't take effect, and will block google altogether

so you are saying that my rule

add chain=forward dst-port=80 adtion=drop

is actually

add chan=forward action=drop

??

Wed Jan 10, 2007 4:05 pm

Anytime when you specify port destination/source protocol is required, otherwise rule does not work correctly.

alone · Sat Jan 13, 2007 1:08 am

you need to add the protocol tcp or whatever you need

add chain forward protocol (TCP ) dst port (80) action=accept

why is that ? about firewall

why is that ? about firewall

google problem