[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    Re: [Sidewinder] Ping Proxy
From:       Sidewinder moderated discussion list <sidewinder () adeptech ! com>
Date:       2009-11-09 14:26:53
Message-ID: 0288F718808D8A4B9108CAA5EE507D0D95CA60DC64 () MEWMAD0PC02G01 ! accounts ! wistate ! us
[Download RAW message or body]

At first I figured you might check to make sure you haven't disabled passing thru \
ICMP on the affected interface, or that some other higher-priority deny rule isn't \
taking hold.  But you seem to have covered all of those bases already.

Sounds to me like something isn't compliant with the ICMP standard, either the router \
being too fussy or the Sidewinder proxy is getting something wrong (like perhaps \
returning it with the wrong IP or MAC address).

JRJ


> I am workingon a major install of a bunch of sidewinders.  All are running
> the same version and I use the ping proxy to allow ping through as needed.
> I just ran into a location last night where the ping proxy was not working.
> To test I got on routers on either side of the firewall and watched as the
> ho replies went all the way through and the echo replies came all the way
> back, proxies of course, but that shouldn't matter.  I even got onto the
> "client" router and verified that the echo reply is returning to that
> router's initiating interface, however the router shows a failed ping.
> Putting in a rule using the ICMP Packet Filter also failed but putting in an
> "Other Protocol Packet Filter" using icmp worked just fine. What is odd is
> that I have not had any probs at the other roughly 20 locations I've done
> this at.  The rule is near the top.about pos 5 right after a few "to the
> firewall" rules.  The version is 7.0.0.06.  Today I'm going catching the
> packets using the  working other protocol icmp filter and then using the
> ping proxy and compare them.  It is almost as if the echo-reply is changed
> to the point that the originator of that ping does not see it as belonging
> to that echo request.


_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic