From nobody Thu Nov 11 18:39:15 2021
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4864F18566F3
	for <bugs@mlmmj.nyi.freebsd.org>; Thu, 11 Nov 2021 18:39:15 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Hqr8z1Wtlz3p3l
	for <bugs@FreeBSD.org>; Thu, 11 Nov 2021 18:39:15 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0B5D011146
	for <bugs@FreeBSD.org>; Thu, 11 Nov 2021 18:39:15 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 1ABIdEu5003425
	for <bugs@FreeBSD.org>; Thu, 11 Nov 2021 18:39:14 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 1ABIdE4v003424
	for bugs@FreeBSD.org; Thu, 11 Nov 2021 18:39:14 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 259782] ipfw problem during upgrade
Date: Thu, 11 Nov 2021 18:39:15 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: lg@spirale-ingenierie.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-259782-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259782

            Bug ID: 259782
           Summary: ipfw problem during upgrade
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: lg@spirale-ingenierie.com

I upgraded my remote server from version 12.2 to 13-RELEASE.
IPFW+IPDIVERT+NAT are activated. IOCAGE is installed too (5 jails).

After the first reboot (upgrade, install), I can no longer connect to my se=
rver
in SSH but the computer responds to the ping.
I have access to a FREEBSD-11 rescue console to check the server : everythi=
ng
is fine in the log files. (ps : My next server will have an IP KVM access).

I was in panic mode... My provider seems to no longer support FREEBSD for t=
he
new installations, so I cannot reinstall my server !

I disabled many services (rc.conf) but the ssh access didn't work, sometimes
the ping works sometimes not.

After the latest test (no service except basic network config) the server s=
eems
to be down (no ping, remote hard reboot not working), the support team of my
provider put my server in rescue mode and gave me an important message : <<=
 the
login prompt is displayed >> and the server is frozen.=20
I then got the idea that that the problem came from the firewall even though
the service is disabled, so the only custom settings left were in the kernel
configuration file (loader.conf).

I take back the control of my server in rescue mode and remove IPFW_LOAD and
IPDIVERT_LOAD options in the KERNEL configuration file (loader.conf) : the
server starts and the SSH access is working again.=20

Now I am trying to finish the upgrade and then I will try to activate all t=
he
necessary services one by one.

--=20
You are receiving this mail because:
You are the assignee for the bug.=