From owner-freebsd-stable Sun Jun 30 12:06:35 1996 Return-Path: owner-stable Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA07113 for stable-outgoing; Sun, 30 Jun 1996 12:06:35 -0700 (PDT) Received: from zen.nash.org (nash.pr.mcs.net [204.95.47.72]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA07076 for ; Sun, 30 Jun 1996 12:05:59 -0700 (PDT) Received: (from alex@localhost) by zen.nash.org (8.7.5/8.6.12) id OAA03003; Sun, 30 Jun 1996 14:05:39 -0500 (CDT) Date: Sun, 30 Jun 1996 14:05:39 -0500 (CDT) Message-Id: <199606301905.OAA03003@zen.nash.org> From: Alex Nash To: rhh@ct.picker.com Cc: stable@freebsd.org Subject: RE: 960627-SNAP - Problem with IPFirewall/portmap Reply-to: nash@mcs.com Sender: owner-stable@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Just installed the 2.1-960627-SNAP, and ran into a system hang-up with > it. I spent some time narrowing this down, it appears that the presence of > the IPFIREWALL option causes portmap to refuse connections. rpcinfo -p > just prints an error, and amd can't register with portmap. This leaves the > kernel in a somewhat strange state on amd's exit, and causes hang-ups when > accessing automount directories. > [...] > I actually haven't ever used IPFIREWALL -- I just pulled over my > 2.1-RELEASE config file and tailored it based on the latest LINT. It's one > of those things I put in to play with later, and adding it didn't cause any > problems with 2.1-RELEASE. For now, I'll just remove it but I'm curious as > to whether this is a bug or something I don't have set up correctly. The default policy of the firewall is to deny packets. This has changed since 2.1R in which the default policy was allow. Try typing 'ipfw l' I suspect you will see only one rule: 65535 deny all from any to any For information on configuring the firewall, see ipfw(8) and the handbook (preferably the one on www.freebsd.org since the one in the SNAP has some errors). http://www.freebsd.org/handbook/handbook66.html Alex