Date: Wed, 14 Apr 2004 15:02:01 +0200
From: Vincent Vandalon <v.vandalon@student.tue.nl>
Cc: freebsd-questions@freebsd.org
Subject: Re: Vim and NFS and ipfilter(strange problem)
Message-ID: <407D3649.4090706@student.tue.nl>
In-Reply-To: <40791F66.6020801@student.tue.nl>
References: <407926CD.70708@farmerstel.com> <40791F66.6020801@student.tue.nl>
Hi all,

I discovered what the problem was/is. I just want to post it here, because I think it is rather strange (and hopefully it will help other people who have the same problem). It did not only happen with vim, but with some other programs also (feh, nview). BTW, I forgot to mention this: I use FreeBSD version 5.1.

To find the problem I started with a new ruleset allowing everything on all devices. I then added the standard dangerous packets options (short, ipopts), and I noticed that NFS died when I added the "short" option. I switched back to the original config and commented that one out, and it worked fine.

I only have to guess where the short packets are coming from :S They shouldn't be there, I think. (BTW, I have a Realtek NIC so maybe...)

Suggestions are welcome,

Cheers

Vincent Vandalon wrote:

> Hi all,
>
> I've set up a firewall with ipfilter. Since I use the deny stance, I
> needed to jump through some hoops to get NFS working.
> I am currently just manually mapping the ports mountd is using. But it
> seems to work... for 99%
>
> I am able to do with the mounted nfs disk what I want, I can create
> new files ('touch newfile' and vi 'newfile2', and I can write content
> in the file with vi), I can delete, read.
> But(...) when I use viM it will hang itself. I can't manually kill
> it (exit-status doesn't matter, it won't die). And I don't get an
> error, so I have no clue what's wrong. My guess is that it is still
> busy, looped or something...
>
> So I removed (==recompiled kernel) ipfilter and vim worked fine on the
> nfs mount. Recompiled my kernel again with ipfilter and vim hung
> itself again. So it is vim+ipfilter
>
> I think it is still something with my configuration of ipfilter, I
> have a basic rule set. I am still in the learning/finetuning phase,
> but I couldn't find anything about this on google, onlamp,
> freebsddiary etc.
>
> Can anybody point me in the right direction?
>
> Regards Vincent
>
> =================config file (sorry comments are in Dutch, but still readable in English I guess)===============
>
> # a rule to block small packets
> block in log quick on rl0 from any to any with short
>
> # block all tcp
> block in log proto tcp all flags S/SA
>
> # expose the web server
> pass in quick proto tcp from any to any port = www keep state
>
> # let ssh through
> pass in quick proto tcp from any to any port = ssh keep state
> pass in quick proto udp from any to any port = ssh keep state
>
> # let pop through
> pass in quick proto tcp from any to any port = pop3 keep state
>
> # let imap through
> pass in quick proto tcp from any to any port = 143 keep state
> pass in quick proto udp from any to any port = 143 keep state
>
> # let smtp through as well, in and out
> pass in quick proto tcp from any to any port = 25 keep state
> pass out quick proto tcp from any to any port = 25 keep state
>
> # nfs
> pass in quick proto tcp/udp from any to any port = 2049 keep state
> pass out quick proto tcp/udp from any to any port = 2049 keep state
>
> pass in quick proto tcp/udp from any to any port = 111 keep state
> pass out quick proto tcp/udp from any to any port = 111 keep state
>
> # hack for mountd
> pass in quick proto tcp/udp from any to any port = 1021 keep state
> pass in quick proto tcp/udp from any to any port = 1023 keep state
>
> # let samba through
> pass in quick on rl0 proto udp from any to any port = 137 keep state
> pass in quick on rl0 proto udp from any to any port = 138 keep state
> pass in quick on rl0 proto tcp from any to any port = 139 keep state
>
> # printer
> pass in quick on rl0 proto tcp/udp from any to any port = 515 keep state
>
> # dns server
> pass out quick on rl0 proto tcp/udp from any to any port = 53 keep state
>
> # allow our own connections
> pass out quick on rl0 proto tcp all keep state
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
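Added example, not part of the original message: a minimal Python model of how ipf picks a verdict (the last matching rule wins, unless a matching rule carries `quick`), run over a subset of the posted rules. It shows why the first rule drops any packet classified as short on rl0 before the NFS pass rules are consulted. The packet dictionaries, the `short` attribute standing in for ipf's own short-packet test, and the default-block policy are constructed assumptions.

```python
import re

# Subset of the ruleset posted in the thread.
RULES = """\
block in log quick on rl0 from any to any with short
block in log proto tcp all flags S/SA
pass in quick proto tcp/udp from any to any port = 2049 keep state
pass in quick proto tcp/udp from any to any port = 111 keep state
"""

# Constructed sample packets (assumptions, not captured traffic).
NFS_OK = {"dir": "in", "iface": "rl0", "proto": "udp", "dport": 2049}
NFS_SHORT = dict(NFS_OK, short=True)   # same packet, classified as short

def parse(line):
    """Parse the small part of ipf rule syntax used above into a dict."""
    t = line.split()
    rule = {"action": t[0], "dir": t[1], "quick": "quick" in t,
            "short": line.endswith("with short"), "text": line}
    for key, pat in (("iface", r" on (\S+)"), ("proto", r" proto (\S+)"),
                     ("port", r" port = (\d+)"), ("flags", r" flags (\S+)")):
        m = re.search(pat, line)
        rule[key] = m.group(1) if m else None
    return rule

def matches(rule, pkt):
    """True when every condition the rule states holds for the packet."""
    return (rule["dir"] == pkt["dir"]
            and rule["iface"] in (None, pkt["iface"])
            and (rule["proto"] is None or pkt["proto"] in rule["proto"].split("/"))
            and rule["port"] in (None, str(pkt["dport"]))
            and (rule["flags"] is None or pkt.get("tcpflags") == "S")  # S/SA
            and (not rule["short"] or pkt.get("short", False)))

def decide(ruleset, pkt, default="block"):
    """Last matching rule wins; a matching 'quick' rule ends the search."""
    verdict, hit = default, None          # default-block is an assumption
    for line in ruleset.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rule = parse(line)
        if matches(rule, pkt):
            verdict, hit = rule["action"], rule["text"]
            if rule["quick"]:
                break
    return verdict, hit
```

Calling `decide(RULES, NFS_SHORT)` returns the `with short` rule as the deciding one; commenting that line out of `RULES` lets the same packet reach the port 2049 pass rule.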