Date: Wed, 03 Jan 2007 16:53:34 +0100 From: Victor Giusti <victor@unirc.eu> To: freebsd-sparc64@freebsd.org Subject: ipfilter problem Message-ID: <459BD17E.6020403@unirc.eu>
next in thread | raw e-mail | index | archive | help
i all im have a sparc ultra 5 running freebsd 6.2-prerelease: FreeBSD hathor.unirc.eu 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Dec 28 21:29:39 CET 2006 victor@hathor.unirc.eu:/usr/src/sys/sparc64/compile/hathor sparc64 hathor# and one intel PIII running: %uname -a FreeBSD terbium 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Dec 28 23:18:22 CET 2006 victor@terbium:/mnt/data/src/sys/i386/compile/terbium i386 freebsd installed in the same day.. On Intel ipf it works ok but in sparc NO!!! im load the config and the network stop im not have DEFAULT_DROP option on the kernel this is my ipf config tested on the two systems: ------------ #acepto todo desde local host pass in quick on lo0 from any to any pass out quick on lo0 from any to any pass in quick on sis0 from any to any >>> NOTE: hme0 on sparc pass out quick on sis0 from any to any >>> this is the only diferent # acepto todo desde la red interna # aca chau icmp pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state pass in quick on tun0 proto icmp from any to any icmp-type 0 #traceroute pass out on tun0 proto udp from any to any port 33434 >< 33690 keep state pass in on tun0 proto icmp from any to any icmp-type timex pass in quick on tun0 proto tcp from any to any port = 22 flags S keep stat pass in quick on tun0 proto tcp from any to any port = 25 flags S keep state pass in quick on tun0 proto tcp from any to any port = 80 flags S keep state pass in quick on tun0 proto tcp from any to any port = 110 flags S keep state pass in quick on tun0 proto tcp from any to any port = 6667 flags S keep state pass in quick on tun0 proto tcp from any to any port = 6697 flags S keep state pass in quick on tun0 proto tcp from any to any port = 6668 flags S keep state pass in quick on tun0 proto tcp from any to any port = 7001 flags S keep state #denegamos todo para afuera pass out quick on tun0 proto tcp/udp from any to any keep state #block return-icmp-as-dest(host-unr) in quick on tun0 all block in quick on tun0 all block out quick all ---------------- I use this config without problems since 2001 (on x86 arch) im have this problem whith FreeBSD/sparc64 6.0 6.1 and the last 6.2 rc1 ipf version its the same in the two systems: sparc#ipf -V ipf: IP Filter: v4.1.13 (528) Kernel: IP Filter: v4.1.13 Running: yes Log Flags: 0 = none set Default: pass all, Logging: available Active list: 0 Feature mask: 0x10a intel#ipf -V ipf: IP Filter: v4.1.13 (416) Kernel: IP Filter: v4.1.13 Running: yes Log Flags: 0 = none set Default: pass all, Logging: available Active list: 0 Feature mask: 0x10a Any IDEA?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?459BD17E.6020403>