Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 16 Nov 2008 20:36:28 -0800
From:      "Jin Guojun[VFF]" <jguojun@gmail.com>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        Erik Trulsson <ertr1013@student.uu.se>, ipfw@freebsd.org, questions@freebsd.org
Subject:   Re: some ipfw filter does not function under Release 6.3
Message-ID:  <4920F4CC.2020501@gmail.com>
In-Reply-To: <20081117134532.S70117@sola.nimnet.asn.au>
References:  <491F413A.4020108@gmail.com> <20081115223556.GA45503@owl.midgard.homeip.net> <491F54A0.9090702@gmail.com> <491F6466.40309@gmail.com> <20081116224655.J70117@sola.nimnet.asn.au> <4920C685.1050004@gmail.com> <20081117134532.S70117@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
Ian Smith wrote:

>On Sun, 16 Nov 2008, Jin Guojun[VFF] wrote:
> > Ian Smith wrote:
> > 
> > > On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote:
> > > 
> > > >    I think this is a bug in ipfw because after change the rule order, the
> > > >    problem persists:
> > > >    00566    26     3090 deny ip from 221.192.199.36 to any
> > > >    65330  2018   983473 allow tcp from any to any established
> > > >    65535     0        0 deny ip from any to any
> > > 
>.... snapped
>
> > I have found the problem due to the NIC naming change after motherboard
> > upgrading.
> > The em0 was LAN port, but now it is WAN port. So, the following rule caused
> > Sync coming in:
> > 
> > 00123     12      528 allow tcp from any to 192.168.0.0/16 via em0 setup
>
>Ahah!
>
> > This is my configuration fault, and we can close PR kern/128902.
> > 
> > Thanks,
> > -Jin
>
>Glad you found it so soon, Jin; that was one very short-lived PR :)
>  
>
This is kind hard one to catch since this machine was tested and working 
before.
Traced many machines with R-6.1 and R-6.2 around country and found no 
problem.
The recent change to this machine is a AMD to a P4 motherboard swapping 
for better memory
bandwidth, but overlooked the NIC names changed.
Now we had historical information for what could cause such failure.

-Jin

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4920F4CC.2020501>