Message-ID: <4BAC59D4.8050605@yoafrica.com>
Date: Fri, 26 Mar 2010 08:53:08 +0200
From: "Tongai. T Zimbiti"
To: freebsd-questions@freebsd.org
Subject: ipfw and ssh problem

Hi guys,

I have searched everywhere and failed to find a solution, hence I write you. I have installed

8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

together with ipfw.
The problem I have is this: if I am on the box I can restart my firewall with no problem, but when I log in remotely and restart the firewall, for some reason I am locked out and cannot ssh into it.

Below is the messages log:

Mar 25 14:51:04 panadine kernel: Trying to mount root from ufs:/dev/ad4s1a
Mar 25 14:51:04 panadine kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding disabled, default to deny, logging disabled
Mar 25 14:51:06 panadine kernel: ae0: link state changed to UP
Mar 25 14:51:16 panadine ntpd[645]: ntpd 4.2.4p5-a (1)
Mar 25 14:51:17 panadine nrpe[698]: Starting up daemon
Mar 25 14:51:25 panadine ntpd[646]: kernel time sync status change 2001
Mar 25 14:51:32 panadine su: systz to root on /dev/pts/0
Mar 25 15:01:46 panadine kernel: ifa_del_loopback_route: deletion failed
Mar 25 15:01:46 panadine kernel: ae0: link state changed to DOWN
Mar 25 15:01:47 panadine sshd[829]: fatal: Write failed: Permission denied
Mar 25 15:01:48 panadine kernel: ae0: link state changed to UP

Here are a few lines from my /etc/firewall_rules:

# vim: set syntax=pf :
-f flush

# Let me talk out
add 100 allow all from me to any out keep-state
add 101 allow icmp from any to any via any
add 102 allow udp from any to any 33434-33523

# Deal with loopback
#add 1000 allow all from any to any via lo0
add 1001 deny ip from any to 127.0.0.0/8
add 1002 deny ip from 127.0.0.0/8 to any

# Allow established and fragmented sessions
add 2000 allow tcp from any to any established
add 2001 allow ip from any to any frag
add 2002 check-state
add 2003 allow icmp from any to any

I have enabled net.inet.ip.fw.verbose=1 in /etc/sysctl.conf.

Please help.

Regards,
Tongai