Mailing List Archive

Re: Znog Digest, Vol 14, Issue 1
Do you mind posting all of your OSPF settings and your network diagram?


> Send Znog mailing list submissions to
> znog@dishone.st
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.dishone.st/mailman/listinfo/znog
> or, via email, send a message with subject or body 'help' to
> znog-request@dishone.st
>
> You can reach the person managing the list at
> znog-owner@dishone.st
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Znog digest..."
>
>
> Today's Topics:
>
> 1. Quagga, OSPF and IPFW (smtpspy007-tech@yahoo.com)
> 2. Re: Quagga, OSPF and IPFW (Miles Nordin)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 3 Oct 2005 06:51:46 -0700 (PDT)
> From: <smtpspy007-tech@yahoo.com>
> Subject: [Znog] Quagga, OSPF and IPFW
> To: znog@dishone.st
> Message-ID: <20051003135146.43740.qmail@web81010.mail.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Hello!
>
> I am using Quagga on FreeBSD 5.4 to pass routing
> information via OSPF to a Cisco router.
>
> My problem is that OSPF works fine when I allow
> everything through the firewall, but breaks when I try
> to implement more restrictive rules.
>
> I am new to OSPF and to IPFW, so I'm sure there is
> something I am missing. My understanding is that all
> I should need to do is to allow the OSPF protocol (IP
> type 89) and IGMP from 224.0.0.5/6 through both ways.
> I thought my rules did that, but OSPF remains in the
> INIT state and never reaches FULL.
>
> This is what my rule list looks like:
>
> 00010 allow ip from any to any via lo0
> 00015 check-state
> 00100 allow tcp from me to any out via bge0 setup keep-state
> 00105 allow ip from me to any out via bge0
> 00200 allow icmp from any to any in via bge0
> 00225 allow ospf from any to me in via bge0
> 00230 allow ip from 224.0.0.5 to me in via bge0
> 00235 allow ip from 224.0.0.6 to me in via bge0
> 00999 deny ip from any to any
>
> Can anyone tell me what I'm doing wrong?
>
> Rich Parkin
> Talk America, Network Systems Engineer
>
> Rich
> (aka BlueBard, aka Bluegeek)
> www.bluegeek.net
>
> ------------------------------
>
> Message: 2
> Date: Mon, 03 Oct 2005 18:35:40 -0400
> From: Miles Nordin <carton@Ivy.NET>
> Subject: [Znog] Re: Quagga, OSPF and IPFW
> To: znog@dishone.st
> Message-ID: <oqwtku9qkj.fsf@castrovalva.Ivy.NET>
> Content-Type: text/plain; charset="us-ascii"
>
> smtpspy> 00230 allow ip from 224.0.0.5 to me in via bge0
> smtpspy> 00235 allow ip from 224.0.0.6 to me in via bge0
>
> I don't know the proper way to configure your firewall, but I can tell
> you one thing: no valid packet will ever have a multicast address in
> the source, neither for IPv4 nor v6. Multicast addresses are valid
> for destination only.
>
> You can ping the multicast addresses to see if you are getting joined
> properly. Maybe you can use 'ifmcstat' but for me that works for v6
> multicast only.
> ------------------------------
>
>
> End of Znog Digest, Vol 14, Issue 1
> ***********************************
>
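Added example, not part of the thread or of any poster's configuration: a simplified first-match model of the posted bge0 rules, run over three constructed OSPF packets, to show which rule decides each one. The addresses 192.0.2.1 and 192.0.2.2, the BY_DEST variant, and the reading of "me" as configured addresses only are assumptions of this sketch.

```python
from ipaddress import ip_address

HOST = ip_address("192.0.2.1")   # constructed address of the Quagga box ("me")
CISCO = "192.0.2.2"              # constructed address of the neighbouring router

# (number, action, proto, src, dst, direction): the bge0 rules from the post.
# Rules 10, 15 and 100 (loopback, check-state, TCP keep-state) never match OSPF on bge0.
POSTED = [
    (105, "allow", "ip", "me", "any", "out"),
    (200, "allow", "icmp", "any", "any", "in"),
    (225, "allow", "ospf", "any", "me", "in"),
    (230, "allow", "ip", "224.0.0.5", "me", "in"),
    (235, "allow", "ip", "224.0.0.6", "me", "in"),
    (999, "deny", "ip", "any", "any", "any"),
]

# Hypothetical variant: 230/235 match the OSPF groups as destination instead of source.
BY_DEST = sorted([r for r in POSTED if r[0] not in (230, 235)] + [
    (230, "allow", "ospf", "any", "224.0.0.5", "in"),
    (235, "allow", "ospf", "any", "224.0.0.6", "in"),
])

def addr_ok(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        # Model assumption: "me" covers the box's configured addresses only,
        # not multicast groups it has joined.
        return addr == HOST
    return addr == ip_address(spec)

def evaluate(rules, proto, src, dst, direction):
    """Return (rule number, action) of the first matching rule (first match wins)."""
    for num, action, rproto, rsrc, rdst, rdir in rules:
        if (rdir in ("any", direction) and rproto in ("ip", proto)
                and addr_ok(rsrc, ip_address(src)) and addr_ok(rdst, ip_address(dst))):
            return num, action
    return None

def trace(rules):
    """Verdicts for three constructed OSPF packets."""
    return {
        "hello from neighbour": evaluate(rules, "ospf", CISCO, "224.0.0.5", "in"),
        "unicast from neighbour": evaluate(rules, "ospf", CISCO, str(HOST), "in"),
        "hello we send": evaluate(rules, "ospf", str(HOST), "224.0.0.5", "out"),
    }

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("by destination", BY_DEST)):
        print(name, trace(rules))
```

In this model the neighbour's multicast hello falls through to rule 999 under the posted rules, because rules 230 and 235 test the group address as a source; with the groups matched as destinations it is accepted at rule 230.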