From owner-freebsd-questions Tue Jan 30 16: 2:23 2001 Delivered-To: freebsd-questions@freebsd.org Received: from femail10.sdc1.sfba.home.com (femail10.sdc1.sfba.home.com [24.0.95.106]) by hub.freebsd.org (Postfix) with ESMTP id AC00F37B69B for ; Tue, 30 Jan 2001 16:02:05 -0800 (PST) Received: from lovegoat ([24.9.91.184]) by femail10.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121) with SMTP id <20010131000205.ZCMZ6975.femail10.sdc1.sfba.home.com@lovegoat>; Tue, 30 Jan 2001 16:02:05 -0800 Message-ID: <000a01c08b19$2cca1ba0$0200a8c0@stinky.org> From: "Stephen Brandi" To: "Jonathan Chen" , "Stephen Brandi" Cc: References: <20010130085704.D91522@itouchnz.itouch> Subject: Re: Network fails with IPDIVERT IPFIREWALL enabled. Date: Tue, 30 Jan 2001 19:03:00 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Thanks, I did that. It still wasn't working. I finally got it fixed. Setting IPFIREWALL_DEFAULT_TO_ACCEPT did it. I'm not sure why. >Subject: Re: Network fails with IPDIVERT IPFIREWALL enabled. > On Fri, Jan 26, 2001 at 10:48:43AM -0500, Stephen Brandi wrote: > > > > I have been having a problem that has been baffling me. I have a freebsd > > 4.1 machine running natd and a totally open firewall (temporarily). When I > > boot with kernel.GENERIC networking (local net and cable modem to > > internet) work fine, but no routing happens (as expected). When I boot > > with my custom kernel with options IPDIVERT and IPFIREWALL enabled, I am > > unable to use either network interface. I can't even ping localhost. > > I ran a diff on GENERIC and MYKERNEL and these were the only differences. > > > > Gateway, natd, and firewall are enabled in rc.conf > > When you install a IPFIREWALL'd kernel, you have to make sure that > either your firewall rules are set up, or that you have in > /etc/rc.conf: > > firewall_enable="YES" > firewall_type="OPEN" > > -- > Jonathan Chen > ---------------------------------------------------------------------- > The human mind ordinarily operates at only ten percent of its capacity > -- the rest is overhead for the operating system. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message