Forum Discussion
ray_1882_110233
Nimbostratus
NimbostratusPacket Filtering for block ICMP Traffic
In my network design, it consists of 3 network segment which is VLAN_Internal, VLAN_ISP1, VLAN_ISP2.
So i created 2 packet filter rules to block the ICMP from external network (VLAN_ISP1 & VLAN_ISP2) and it works perfectly.
However, when i ping from the internal segment (VLAN_Internal), i found that the ping packets is intermittent drops, but when i "disable" the packet filters features on F5, and the ping become smooth..
Any idea wat will causes this problem?
thanks..
Best Regards,
Ray
hooleylistCirrostratus
Hi Ray,
I suggest capturing tcpdumps on LTM and opening a case with F5 Support on this. For details, see SOL411 on AskF5.com:
sol411: Overview of packet tracing with the tcpdump utility
http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html
Aaron
Yann_BruneauHello Ray,
I've got the same issue. It seems that the packet filter drops some ICMP reply coming back from the destination.
I've managed to make things work correctly by modifying the packet filter rule and adding the following condition :
and (icmp[0] = 8)
This will tell the filter to only drop icmp request from outside IP, the icmp reply will never be dropped.
Hope this will help
Yann