From owner-freebsd-current@FreeBSD.ORG Sat Nov 12 04:11:00 2005 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A54916A41F for ; Sat, 12 Nov 2005 04:11:00 +0000 (GMT) (envelope-from sean@mcneil.com) Received: from mail.mcneil.com (mcneil.com [24.199.45.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA64C43D45 for ; Sat, 12 Nov 2005 04:10:59 +0000 (GMT) (envelope-from sean@mcneil.com) Received: from localhost (localhost.mcneil.com [127.0.0.1]) by mail.mcneil.com (Postfix) with ESMTP id 81859F2521; Fri, 11 Nov 2005 20:10:59 -0800 (PST) Received: from mail.mcneil.com ([127.0.0.1]) by localhost (triton.mcneil.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 49131-04; Fri, 11 Nov 2005 20:10:59 -0800 (PST) Received: from mcneil.com (mcneil.com [24.199.45.54]) by mail.mcneil.com (Postfix) with ESMTP id 1E61CF2453; Fri, 11 Nov 2005 20:10:59 -0800 (PST) From: Sean McNeil To: Peter Jeremy In-Reply-To: <20051112034750.GC39882@cirb503493.alcatel.com.au> References: <1131755730.6959.7.camel@triton.mcneil.com> <20051112034750.GC39882@cirb503493.alcatel.com.au> Content-Type: text/plain Date: Fri, 11 Nov 2005 20:10:58 -0800 Message-Id: <1131768658.78554.2.camel@triton.mcneil.com> Mime-Version: 1.0 X-Mailer: Evolution 2.4.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at mcneil.com X-Mailman-Approved-At: Sat, 12 Nov 2005 04:18:08 +0000 Cc: current@freebsd.org Subject: Re: verrevpath failure from within my own box X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Nov 2005 04:11:00 -0000 On Sat, 2005-11-12 at 14:47 +1100, Peter Jeremy wrote: > On Fri, 2005-Nov-11 16:35:30 -0800, Sean McNeil wrote: > >00300 28 2177 deny ip from any to any not verrevpath in via dc0 > > > >as you can see, there are some packets that were denied. I can > >reproduce this with nautilus by simply browsing network:///. > > How about you add a 'log' to that rule and see exactly what is matching. > That may provide a clue to you, or someone on this list, as to what is > not behaving as expected. OK, I did that. I see Nov 11 20:06:37 triton kernel: ipfw: 300 Deny UDP 24.199.45.54:63716 24.199.45.55:137 in via dc0 where 24.199.45.54 is the ip address of dc0. Nothing I didn't expect. Sean