Re: Problems with IPFW and 5.3-BETA1
From: Andre Oppermann (andre_at_freebsd.org)
Date: 08/26/04
- Previous message: Ulrich Spoerlein: "ndiscvt: Unresolved symbols / kldload if_ndis panic"
- In reply to: Radek Kozlowski: "Problems with IPFW and 5.3-BETA1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 26 Aug 2004 12:28:34 +0200 To: Radek Kozlowski <radek@raadradd.com>
Radek Kozlowski wrote:
> I upgraded a remote dedicated server from 5.1 to 5.3-BETA1 today with a
> step by step procedure described in /usr/src/Makefile and everything
> went ok. Well, almost. I compiled the kernel (took the GENERIC conf
> from 5.3, so options PFIL_HOOKS is already there) with:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=100
>
> put firewall_enable="YES", firewall_type="open" in rc.conf, rebooted and
> locked myself out (world and kernel are in sync, before someone asks).
> After I could access the box again I tried to see what was wrong:
>
> root@wesside:~# ipfw show
> 00100 0 0 allow ip from any to any
> 65535 0 0 deny ip from any to any
> root@wesside:~# ping yahoo.com
> PING yahoo.com (66.94.231.98): 56 data bytes
> 64 bytes from 66.94.231.98: icmp_seq=0 ttl=58 time=3.324 ms
> 64 bytes from 66.94.231.98: icmp_seq=1 ttl=54 time=5.138 ms
> 64 bytes from 66.94.231.98: icmp_seq=2 ttl=58 time=3.671 ms
> ^C
> --- yahoo.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 3.324/4.044/5.138/0.786 ms
> root@wesside:~# ipfw show
> 00100 0 0 allow ip from any to any
> 65535 0 0 deny ip from any to any
>
> Why aren't the packet and byte counters increased?
>
> Since the firewall was totally unresponsive to any rulset changes I
> removed above options from the kernel and decided to try the module
> instead. With firewall_type="open" left in rc.conf (but firewall_enable
> changed to "NO") I executed
> `kldload /boot/kernel/ipfw.ko && sh /etc/rc.firewall ; sleep 100 ;
> kldunload ipfw ; sleep 200 ; reboot` and locked myself out again. I
> don't know what really happend and am still waiting for the reply from
> the support team of the hosting company, but is it me or there's
> something wrong with ipfw? Anyone else seeing this?
There is no known problem with ipfw. I can only speculate but it might
be that your /sbin/ipfw is out of sync with the kernel despite a make world.
Other than that could provide the output of 'ifconfig -a'?
-- Andre _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
- Previous message: Ulrich Spoerlein: "ndiscvt: Unresolved symbols / kldload if_ndis panic"
- In reply to: Radek Kozlowski: "Problems with IPFW and 5.3-BETA1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
