From owner-freebsd-questions@FreeBSD.ORG Thu Jul 17 15:03:48 2008 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7DBB31065672 for ; Thu, 17 Jul 2008 15:03:48 +0000 (UTC) (envelope-from roberthuff@rcn.com) Received: from smtp02.lnh.mail.rcn.net (smtp02.lnh.mail.rcn.net [207.172.157.102]) by mx1.freebsd.org (Postfix) with ESMTP id 3CE608FC16 for ; Thu, 17 Jul 2008 15:03:48 +0000 (UTC) (envelope-from roberthuff@rcn.com) Received: from mr02.lnh.mail.rcn.net ([207.172.157.22]) by smtp02.lnh.mail.rcn.net with ESMTP; 17 Jul 2008 11:03:47 -0400 Received: from smtp01.lnh.mail.rcn.net (smtp01.lnh.mail.rcn.net [207.172.4.11]) by mr02.lnh.mail.rcn.net (MOS 3.8.6-GA) with ESMTP id OWA29591; Thu, 17 Jul 2008 11:03:47 -0400 (EDT) Received: from 209-6-22-188.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com (HELO jerusalem.litteratus.org.litteratus.org) ([209.6.22.188]) by smtp01.lnh.mail.rcn.net with ESMTP; 17 Jul 2008 11:03:45 -0400 From: Robert Huff MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <18559.24401.117836.697784@jerusalem.litteratus.org> Date: Thu, 17 Jul 2008 11:03:45 -0400 To: questions@freebsd.org X-Mailer: VM 7.17 under 21.5 (beta28) "fuki" XEmacs Lucid X-Junkmail-Whitelist: YES (by domain whitelist at mr02.lnh.mail.rcn.net) Cc: Subject: can't ping X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jul 2008 15:03:48 -0000 After upgrading a -CURRENT box from the April 19 version to one from yesterday, ping on that box seems to be broken. (I noticed the behavior today; I don't know whether it's directly related to the upgrade or not.) Specifically: huff@>> netstat -rn -f inet Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 209.6.22.1 UGS 0 1917213 em0 10.0.0.0/8 link#2 UC 0 0 em1 10.0.0.1 00:0e:0c:a8:a7:e9 UHLW 1 38374 lo0 10.255.255.255 ff:ff:ff:ff:ff:ff UHLWb 1 267 em1 127.0.0.1 127.0.0.1 UH 0 272685 lo0 209.6.22.0/23 link#1 UC 0 0 em0 209.6.22.1 00:0d:66:25:50:01 UHLW 2 25 em0 1196 209.6.22.188 00:0e:0c:a8:a7:e8 UHLW 1 6 lo0 209.6.23.255 ff:ff:ff:ff:ff:ff UHLWb 1 267 em0 huff@>> ping 209.6.22.188 PING 209.6.22.188 (209.6.22.188): 56 data bytes 64 bytes from 209.6.22.188: icmp_seq=0 ttl=64 time=0.075 ms 64 bytes from 209.6.22.188: icmp_seq=1 ttl=64 time=0.093 ms 64 bytes from 209.6.22.188: icmp_seq=2 ttl=64 time=0.086 ms 64 bytes from 209.6.22.188: icmp_seq=3 ttl=64 time=0.078 ms 64 bytes from 209.6.22.188: icmp_seq=4 ttl=64 time=0.090 ms huff@>> ping 209.6.22.1 PING 209.6.22.1 (209.6.22.1): 56 data bytes ^C --- 209.6.22.1 ping statistics --- 10 packets transmitted, 0 packets received, 100.0% packet loss I have a firewall; rules are appended. The wierd part is other connectivity works: I can ftp, web-surf, telnet, etc.. Any ideas on what's broken? Robert Huff 00100 630662 280315972 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 00350 11780 5065589 allow udp from any 67-68 to any dst-port 67-68 00600 0 0 allow ip6 from any to any via lo0 00610 0 0 deny ip6 from any to ::1 00620 0 0 deny ip6 from ::1 to any 00630 36 2304 allow ip6 from :: to ff02::/16 proto ipv6-icmp 00640 0 0 allow ip6 from fe80::/10 to fe80::/10 proto ipv6-icmp 00650 47 3384 allow ip6 from fe80::/10 to ff02::/16 proto ipv6-icmp 00660 0 0 allow ip6 from 2001:db8:2:1::1 to 2001:db8:2:1::/64 00670 0 0 allow ip6 from 2001:db8:2:1::/64 to 2001:db8:2:1::1 00680 0 0 allow ip6 from fe80::/10 to ff02::/16 00690 0 0 allow ip6 from 2001:db8:2:1::/64 to ff02::/16 00700 0 0 allow ip6 from any to any established proto tcp 00710 0 0 allow ip6 from any to any frag 00720 0 0 allow ip6 from any to 2001:db8:2:1::1 dst-port 25 setup proto tcp 00730 0 0 allow ip6 from 2001:db8:2:1::1 to any setup proto tcp 00740 4 320 deny ip6 from any to any setup proto tcp 00750 0 0 allow ip6 from any 53 to 2001:db8:2:1::1 proto udp 00760 0 0 allow ip6 from 2001:db8:2:1::1 to any dst-port 53 proto udp 00770 0 0 allow ip6 from any 123 to 2001:db8:2:1::1 proto udp 00780 0 0 allow ip6 from 2001:db8:2:1::1 to any dst-port 123 proto udp 00790 0 0 allow ip6 from any to any ip6 icmp6types 1 proto ipv6-icmp 00800 1415 90560 allow ip6 from any to any ip6 icmp6types 2,135,136 proto ipv6-icmp 06000 0 0 deny log logamount 100 tcp from any to any dst-port 137 in via em0 06050 32 3000 deny log logamount 100 udp from any to any dst-port 137 in via em0 06100 0 0 deny log logamount 100 tcp from any to any dst-port 138 in via em0 06150 235 56158 deny log logamount 100 udp from any to any dst-port 138 in via em0 06200 0 0 deny log logamount 100 tcp from any to any dst-port 139 in via em0 06250 0 0 deny log logamount 100 udp from any to any dst-port 139 in via em0 07000 0 0 deny log logamount 100 tcp from any to any dst-port 111 in via em0 07050 0 0 deny log logamount 100 udp from any to any dst-port 111 in via em0 07100 0 0 deny log logamount 100 tcp from any to any dst-port 530 in via em0 07150 0 0 deny log logamount 100 udp from any to any dst-port 530 in via em0 07200 0 0 deny log logamount 100 tcp from any to any dst-port 161 in recv em0 07225 0 0 deny log logamount 100 udp from any to any dst-port 161 in recv em0 07250 0 0 deny log logamount 100 tcp from any to any dst-port 162 in recv em0 07275 0 0 deny log logamount 100 udp from any to any dst-port 162 in recv em0 07300 0 0 deny log logamount 100 tcp from any to any dst-port 194 07310 0 0 deny log logamount 100 udp from any to any dst-port 194 07320 0 0 deny log logamount 100 tcp from any to any dst-port 529 07330 0 0 deny log logamount 100 udp from any to any dst-port 529 07340 0 0 deny log logamount 100 tcp from any to any dst-port 994 07350 0 0 deny log logamount 100 udp from any to any dst-port 994 07360 0 0 deny log logamount 100 tcp from any to any dst-port 6667 07370 23 2341 deny log logamount 100 udp from any to any dst-port 6667 10000 2229463 1617354881 allow tcp from any to any established 10100 631216 58860463 allow ip from any to any out via em0 10200 0 0 allow tcp from 10.0.0.0/8 to any dst-port 80 10300 0 0 allow tcp from any 80 to any dst-port 1024-65535 via em0 10400 0 0 allow tcp from any 443 to any dst-port 1024-65535 via em0 10500 0 0 deny log logamount 100 tcp from any 1024-65535 to any dst-port 80 via em0 10600 0 0 deny log logamount 100 tcp from any 1024-65535 to any dst-port 443 via em0 65000 776246 50780785 allow ip from any to any 65535 122 7329 deny ip from any to any