From owner-freebsd-questions@FreeBSD.ORG Sat Nov 1 08:55:37 2003
From: "Chris"
To: freebsd-questions@freebsd.org
Date: Sat, 01 Nov 2003 10:55:32 -0600
Subject: IPFW strange events
Message-ID: <200311011055320938.07E914B9@tcslea.org>
List-Id: User questions

Hello,

This is occurring on a 4.8-RELEASE server using IPFW2...

I have numerous rules that block bogus networks... one of which is:

    ipfw add 0104 deny log ip from 96.0.0.0/3 to any

And I know it's working because using "ipfw list" I get:

    00104 deny log ip from 96.0.0.0/3 to any

Whenever that rule is active, it's blocking packets - "ipfw show":

    00104 21 1148 deny log ip from 96.0.0.0/3 to any

BUT....

Various services stop working... so I look at /var/log/security and see NUMEROUS entries such as this:

    Nov 1 10:30:00 server /kernel: ipfw: 104 Deny TCP 127.0.0.1:1051 127.0.0.1:80 out via lo0

Now I don't see anything in the rule about the localhost address, yet that's what it's blocking. But a little bit ahead of that rule, I do have this one:

    ipfw add 082 divert natd all from any to any via fxp0

Would it help to put all the bogus network deny rules ahead of the divert rule?

Stumped,
Chris
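As an added worked example (not part of Chris's post and not FreeBSD's own ipfw code), the script below uses Python's ipaddress module to check the rule's source prefix against the source address in the logged packet. A /3 prefix has the netmask 224.0.0.0, so 96.0.0.0/3 spans 96.0.0.0 through 127.255.255.255 and therefore contains 127.0.0.1; that is why loopback traffic matches rule 104 no matter where the divert rule sits. The rule and log-line parsers are written only for the two lines quoted in the post, and the helper that rewrites the prefix with the 127.0.0.0/8 range carved out is this example's own suggestion (constructed rule text, not ipfw syntax guaranteed for every rule form).

```python
import ipaddress
import re

# Rule and log line quoted from the post above (the "ipfw add 0104" rule and
# the /var/log/security entry). The regexes are written for exactly these two
# formats; they are this example's assumption, not ipfw's own parser.
BOGON_RULE = "ipfw add 0104 deny log ip from 96.0.0.0/3 to any"
LOG_LINE = ("Nov 1 10:30:00 server /kernel: ipfw: 104 Deny TCP "
            "127.0.0.1:1051 127.0.0.1:80 out via lo0")

RULE_RE = re.compile(r"deny\s+log\s+ip\s+from\s+(\S+)\s+to\s+(\S+)")
LOG_RE = re.compile(
    r"ipfw:\s+(?P<rule>\d+)\s+Deny\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

# Ranges a host needs for its own services; a bogon filter must not cover them.
LOCAL_RANGES = {"loopback": ipaddress.ip_network("127.0.0.0/8")}


def rule_source(rule: str) -> ipaddress.IPv4Network:
    """Return the source prefix of a 'deny log ip from X to any' rule."""
    m = RULE_RE.search(rule)
    if m is None:
        raise ValueError(f"unrecognised rule: {rule!r}")
    return ipaddress.ip_network(m.group(1), strict=False)


def parse_log(line: str) -> dict:
    """Pull rule number, addresses, direction and interface out of a Deny line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    d = m.groupdict()
    d["rule"] = int(d["rule"])
    d["src"] = ipaddress.ip_address(d["src"])
    d["dst"] = ipaddress.ip_address(d["dst"])
    return d


def prefix_bounds(net: ipaddress.IPv4Network) -> tuple:
    """First and last address covered by the prefix, as strings."""
    return str(net.network_address), str(net.broadcast_address)


def explains_deny(rule: str, line: str) -> bool:
    """True when the rule's source prefix contains the logged source address."""
    return parse_log(line)["src"] in rule_source(rule)


def local_ranges_covered(net: ipaddress.IPv4Network) -> list:
    """Names of local ranges the prefix overlaps (should be empty for a bogon rule)."""
    return [name for name, local in LOCAL_RANGES.items() if net.overlaps(local)]


def carve(net, excluded) -> list:
    """Prefixes covering net minus excluded, in address order (CIDR blocks either
    nest or are disjoint, so only three cases exist)."""
    if not net.overlaps(excluded):
        return [net]
    if net.subnet_of(excluded):
        return []
    return sorted(net.address_exclude(excluded))


def rewrite_rule(rule: str) -> list:
    """Constructed replacement rule bodies that keep the bogon block but skip
    every LOCAL_RANGES prefix (an assumption of this example, not ipfw advice)."""
    kept = [rule_source(rule)]
    for local in LOCAL_RANGES.values():
        kept = [piece for n in kept for piece in carve(n, local)]
    return [f"deny log ip from {n} to any" for n in kept]


if __name__ == "__main__":
    net = rule_source(BOGON_RULE)
    lo, hi = prefix_bounds(net)
    print(f"{net} covers {lo} .. {hi}")
    print("rule explains the logged deny:", explains_deny(BOGON_RULE, LOG_LINE))
    print("local ranges covered:", local_ranges_covered(net))
    for body in rewrite_rule(BOGON_RULE):
        print("   ", body)
```

Running it shows the /3 reaches up to 127.255.255.255, reports that the rule does explain the logged 127.0.0.1 deny, and prints the five prefixes (96.0.0.0/4 through 126.0.0.0/8) that block the same range minus loopback. The same check can be run over any "deny ... from X to any" rule before loading it, which catches a bogon prefix that swallows a needed local range regardless of rule ordering.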