From: "Aleksey Ovcharenko"
Date: Tue, 4 Dec 2001 08:43:43 +0200
To: mikea
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: Strange kernel messages

On Wed, Nov 28, 2001 at 04:40:22PM -0600, mikea wrote:
> On Wed, Nov 28, 2001 at 01:46:19PM +0200, Aleksey Ovcharenko wrote:
> > I have compiled 4.4-STABLE recently and see strange kernel messages some times:
> >
> > OUCH! cannot remove rule, count 1
> > ...
> > OUCH! cannot remove rule, count 3
> >
> > What is wrong? Is it some problem with firewall?
> > Help me plz :)...
>
> A bit more information might be useful. Are you running natd or
> some other nat daemon? ipfw or ipf? If it's ipfw, do you have
> dynamic rules? A dump of your rules (ipfw -at l) would be good.
>

# /bin/ps ax|grep natd
344 ?? Ss 15:08.78 /sbin/natd -s yes -m yes -u yes -n rl0

# /sbin/ipfw -at l
01000 850 69666 Tue Dec 4 08:35:12 2001 allow ip from any to any via lo0
02000 0 0 deny ip from any to 127.0.0.0/8
05000 16 1032 Tue Dec 4 08:34:42 2001 prob 0.050000 deny icmp from any to any via rl0
06000 4877 347607 Tue Dec 4 08:35:14 2001 count ip from any to any in recv rl0
07000 5514 1279161 Tue Dec 4 08:35:14 2001 count ip from any to any out xmit rl0
07100 0 0 deny ip from any to 10.0.0.0/8 via rl0
07200 0 0 deny ip from any to 172.16.0.0/12 via rl0
07300 0 0 deny ip from any to 192.168.0.0/16 via rl0
07400 0 0 deny ip from any to 0.0.0.0/8 via rl0
07500 0 0 deny ip from any to 169.254.0.0/16 via rl0
07600 0 0 deny ip from any to 192.0.2.0/24 via rl0
07700 0 0 deny ip from any to 224.0.0.0/4 via rl0
07800 4 1104 Tue Dec 4 08:34:26 2001 deny ip from any to 240.0.0.0/4 via rl0
07900 10386 1625616 Tue Dec 4 08:35:14 2001 divert 8668 ip from any to any via rl0
08000 0 0 deny ip from 10.0.0.0/8 to any via rl0
08100 0 0 deny ip from 172.16.0.0/12 to any via rl0
08200 0 0 deny ip from 192.168.0.0/16 to any via rl0
08300 0 0 deny ip from 0.0.0.0/8 to any via rl0
08400 0 0 deny ip from 169.254.0.0/16 to any via rl0
08500 0 0 deny ip from 192.0.2.0/24 to any via rl0
08600 0 0 deny ip from 224.0.0.0/4 to any via rl0
08700 0 0 deny ip from 240.0.0.0/4 to any via rl0
09000 0 0 allow ip from 192.168.0.0/16 to any
09100 0 0 allow ip from any to 192.168.0.0/16
09200 0 0 check-state
09300 391 70951 Tue Dec 4 08:35:14 2001 deny tcp from any to any established
09500 424 36193 Tue Dec 4 08:35:14 2001 allow tcp from any to xxx.xxx.xxx.xxx 25 keep-state setup
09600 574 179146 Tue Dec 4 08:34:50 2001 allow tcp from any to xxx.xxx.xxx.xxx 110 keep-state setup
09700 1363 482386 Tue Dec 4 08:34:51 2001 allow tcp from any to xxx.xxx.xxx.xxx 119 keep-state setup
09800 328 32455 Tue Dec 4 08:35:11 2001 allow tcp from xxx.xxx.xxx.xxx to any keep-state setup
09900 208 16760 Tue Dec 4 08:35:00 2001 allow udp from any to xxx.xxx.xxx.xxx 53 keep-state
10000 398 42478 Tue Dec 4 08:35:14 2001 allow udp from xxx.xxx.xxx.xxx to any 53 keep-state
10100 0 0 allow udp from xxx.xxx.xxx.xxx to any 123 keep-state
65535 187036 21428037 Tue Dec 4 08:35:14 2001 deny ip from any to any

> So would the output of dmesg at boot.
>

FreeBSD 4.4-STABLE #0: Wed Nov 28 16:26:46 EET 2001
...
CPU: Pentium III/Pentium III Xeon/Celeron (501.14-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x683 Stepping = 3
  Features=0x383f9ff
real memory = 268353536 (262064K bytes)
avail memory = 256995328 (250972K bytes)
Preloaded elf kernel "kernel" at 0xc02ef000.
Preloaded userconfig_script "/boot/kernel.conf" at 0xc02ef09c.
Pentium Pro MTRR support enabled
...
rl0: port 0xb400-0xb4ff mem 0xe1800000-0xe18000ff irq 10 at device 14.0 on pci0
...
ed0: port 0xb000-0xb01f irq 11 at device 15.0 on pci0
...

>

These messages go away only if I delete rule
'ipfw add allow tcp from any to me setup limit src-addr 10'
(so u can't see it in the dump above). Think this is the problem, but why?
This rule was after rule number 5000. Any clue?

--
Sincerely Yours,
Aleksey Ovcharenko        postmaster@ic.kharkov.ua
Postmaster JV "Infocom"   nic-hdl: OAA1-RIPE
Kharkov Dep. UA           Phone: +380 (572) 275 851