From owner-freebsd-current Tue Mar 19 22:38:50 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id WAA07245 for current-outgoing; Tue, 19 Mar 1996 22:38:50 -0800 (PST)
Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id WAA07240 for ; Tue, 19 Mar 1996 22:38:32 -0800 (PST)
Received: from grumble.grondar.za (mark@localhost [127.0.0.1]) by grumble.grondar.za (8.7.5/8.7.3) with ESMTP id IAA10967 for ; Wed, 20 Mar 1996 08:38:00 +0200 (SAT)
Message-Id: <199603200638.IAA10967@grumble.grondar.za>
To: current@freebsd.org
Subject: Firewalls and all...
Date: Wed, 20 Mar 1996 08:37:59 +0200
From: Mark Murray
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi

I am having some problems with a firewall I built the other night. I got it right at that time, but right now I can't figure something out. (I am running -CURRENT.)

My firewall has an ethernet card (ed0), iijppp (tun0) and a simple set of filters mainly designed to stop spoofing and other silly things. Iijppp has to play games with the modem to start the connection. (Although I have a leased line, I have cheap modems that need to be tickled to establish the connection.)

I have to boot the thing with a lot of manual intervention. If the firewall startup calls are kluged into /etc/netstart, then at boot time mountd and sendmail freeze up, and a ^c is needed to unwedge them. Also logging in is broken; I get a login: prompt but no passwd prompt. This has something to do with the fact that ypserv/ypbind do not get loaded :-), but I do not understand why root cannot get in.

My current boot procedure is to boot the machine with no firewall rules, and load those after it has started. Then I load by hand all the daemons that have failed: mountd, ypserv, ypbind, rpc.yppasswdd and one or two others. Life is slightly complicated by the fact that this machine also runs my nameserver.

Question: does anybody run a similar setup? And if so, how do you clean boot it? I would be interested in the sort of setup that could be put into /etc/sysconfig and /etc/netstart for all to use.

M

--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grondar.za for PGP key