From owner-freebsd-current Thu Feb 20 13:48:16 2003 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 599F437B401; Thu, 20 Feb 2003 13:48:13 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 69FE843F3F; Thu, 20 Feb 2003 13:48:12 -0800 (PST) (envelope-from arr@watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.6/8.12.5) with ESMTP id h1KLm0P3011199; Thu, 20 Feb 2003 16:48:00 -0500 (EST) (envelope-from arr@watson.org) Received: from localhost (arr@localhost) by fledge.watson.org (8.12.6/8.12.6/Submit) with SMTP id h1KLm0XK011196; Thu, 20 Feb 2003 16:48:00 -0500 (EST) X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs Date: Thu, 20 Feb 2003 16:47:59 -0500 (EST) From: "Andrew R. Reiter" To: "Nick H." Cc: Maxime Henrion , freebsd-current@FreeBSD.ORG Subject: Re: Ethernet (xl) will not transmit or receive In-Reply-To: <000d01c2d927$b0ac9ed0$5081f93f@cidomain.propagation.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 20 Feb 2003, Nick H. wrote: :I am absolutely sure, as its on a completely fresh system. : :ipf: IP Filter: v3.4.29 (336) :Kernel: IP Filter: v3.4.29 Maxime, FWIW, my troubles were with the 5.0-RELEASE boot floppies (booted off them to install -RELEASE on my blazing speed demon dual ppro 200). Cheers, Andrew : : : :----- Original Message ----- :From: "Maxime Henrion" :To: "Nick H. -- Technical Support Engineer" :Cc: :Sent: Thursday, February 20, 2003 3:11 PM :Subject: Re: Ethernet (xl) will not transmit or receive : : :: Nick H. -- Technical Support Engineer wrote: :: > Ive run into the exact same problem on about 8 machines now, all running :: > different network cards. The network will just simply not work if I :have :: > IPFILTER built into the kernel. On some of the machines, I started :getting :: > "No route to host". This has happened on the following network cards: :: > :: > 3COM 3C905C :: > 3COM 3C450 *yes, 450* :: > Linksys LNE100TX v4 :: > Linksys LNE100TX v5 :: > NETGEAR Fast 100 :: > Intel Pro 10/100+ :: > Intel Pro 10/100/1000 (gigabit over copper) :: > :: > Im going to assume that since it's not on a specific card, it's not :: > something with the drivers for that card. The only thing I could do was :: > deinstall IPFILTER. I tried wiping the ARP tables (showed incomplete :arp :: > entries for all hosts) and even redoing the routing table. The only :thing :: > that I could get that would fix it was removing ipfiter. I have another :: > 5.0-CURRENT machine (FreeBSD 5.0-CURRENT #2: Wed Jan 29 17:55:34 CST :2003 :: > root@edge:/usr/obj/usr/src/sys/edge i386) that is NOT having this :problem. :: > It's something done fairly recently that has caused this. Im going to :go :: > through and see if I cant find some differences between the source for :that :: > version and this one: 5.0-CURRENT #1: Wed Feb 19 10:28:49 GMT 2003 :: > root@ender:/usr/obj/usr/src/sys/ender i386 :: > :: > The second one (last one I gave uname for) is the most recent to have :the :: > problems. As you can see, it's source from earlier this week. There's :no :: > errors on dmesg nor are there any errors anywhere. It just seems that :if :: > IPFILTER is enabled, the network devices are completely inoperable. I :know :: > you're going to ask how I have the rules setup, and I have tried many :: > variations. The first I tried is a DEFAULT_BLOCK using a working :ruleset :: > from a 4.7-R-p3 machine. After that failed, I tried doing a default :allow, :: > and it still did it. The only feasible way to get the machine online :with :: > that source is to rip out IPFILTER. Anyone having similiar issues? :: > :: > Any comments/suggestions would be more than welcome, as having boxes on :the :: > network with no firewall is just asking for trouble ;) :: :: Are you sure the ipfilter version of your kernel is in sync with your :: userland ipfilter utility? ipf -V will show you both versions. :: :: Cheers, :: Maxime :: :: To Unsubscribe: send mail to majordomo@FreeBSD.org :: with "unsubscribe freebsd-current" in the body of the message :: : : : :To Unsubscribe: send mail to majordomo@FreeBSD.org :with "unsubscribe freebsd-current" in the body of the message : -- Andrew R. Reiter arr@watson.org arr@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message