From owner-freebsd-stable@FreeBSD.ORG Mon Sep 29 20:27:38 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA3B216A507 for ; Mon, 29 Sep 2003 20:27:38 -0700 (PDT) Received: from web41204.mail.yahoo.com (web41204.mail.yahoo.com [66.218.93.37]) by mx1.FreeBSD.org (Postfix) with SMTP id C597844008 for ; Mon, 29 Sep 2003 20:27:35 -0700 (PDT) (envelope-from e_chelon@yahoo.com) Message-ID: <20030930032735.73176.qmail@web41204.mail.yahoo.com> Received: from [218.102.23.28] by web41204.mail.yahoo.com via HTTP; Mon, 29 Sep 2003 20:27:35 PDT Date: Mon, 29 Sep 2003 20:27:35 -0700 (PDT) From: echelon To: freebsd-stable@freebsd.org, freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: IPFILTER_DEFAULT_BLOCK & No route to host X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Sep 2003 03:27:39 -0000 Hi, After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd with tag RELENG_4_8), the machine cannot be ping'd by others on the same network. In addition, the machine cannot ping itself. ping localhost (or 127.0.0.1) -> no route to host ping itself with its own ip address -> no route to host The freebsd box, with an external pppoe connection, is configured as a gateway with nat. Interestingly, all machines on the lan can access the internet via the freebsd box normally even though the freebsd box cannot be ping'd from these machines. The routing table is fine. All these problems go away if I remove the option IPFILTER_DEFAULT_BLOCK from the kernel conf. I make clean before buildworld/kernel. Thank you. e_chelon __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com