From owner-freebsd-hackers  Tue Apr  7 18:03:20 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA03891
          for freebsd-hackers-outgoing; Tue, 7 Apr 1998 18:03:20 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from rrz.Hanse.DE (rrz.Hanse.DE [193.174.9.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA03803
          for <freebsd-hackers@FreeBSD.ORG>; Tue, 7 Apr 1998 18:03:12 -0700 (PDT)
          (envelope-from stb@transit.hanse.de)
Received: from daemon.Hanse.DE (daemon.Hanse.DE [193.174.9.17])
	by rrz.Hanse.DE (8.8.8/8.8.8) with ESMTP id DAA22288;
	Wed, 8 Apr 1998 03:03:14 +0200 (CEST)
	(envelope-from stb@transit.hanse.de)
Received: from transit.hanse.de (transit.Hanse.DE [193.174.9.161])
	by daemon.Hanse.DE (8.8.8/8.8.8) with ESMTP id DAA21210;
	Wed, 8 Apr 1998 03:02:11 +0200 (CEST)
	(envelope-from stb@transit.hanse.de)
Received: (from stb@localhost)
	by transit.hanse.de (8.8.8/8.8.8) id DAA04852;
	Wed, 8 Apr 1998 03:02:10 +0200 (MET DST)
Date: Wed, 8 Apr 1998 03:02:09 +0200 (MET DST)
From: Stefan Bethke <stb@transit.hanse.de>
To: Atipa <freebsd@atipa.com>
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Any of these kernel opts break RPC?
In-Reply-To: <Pine.BSF.3.96.980407173550.14636A-100000@altrox.atipa.com>
Message-ID: <Pine.BSF.3.91.980408025708.3400E-100000@transit.hanse.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 7 Apr 1998, Atipa wrote:

> 
> When I have these opts in my config files, RPC services can not bind.
> Kernel is 2.2.6-STABLE from 0404. Removing these lines fixed RPC.
> 
> options         "MD5"                   # Encryption
> options         DDB                     # Debugger
> options         PERFMON                 # Performance Monitor
> options         IPFIREWALL              # For bpfilter
IPFIREWALL has nothing to do with Berkeley Packet Filter (bpf or bpfilter).

Look at ipfw(8), /etc/rc.local and /etc/rc.firewall on how to use this IP 
packet filtering facility properly.

> This machine is NIS master, so I did not have time to have it down long
> enought to reboot 4 times :(.

The most probable cause for your problems is that you haven't set up any 
firewall rules, so communication through the loopback interface fails, or 
at least connections to your NIS server are dropped.

As a general hint, you might want to study LINT before including any 
option in your kernel config. From LINT:
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
# logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
# limits the number of times a matching entry can be logged.
#
# WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
# and if you do not add other rules during startup to allow access,
# YOU WILL LOCK YOURSELF OUT.  It is suggested that you set firewall=open
# in /etc/rc.conf when first enabling this feature, then refining the
# firewall rules in /etc/rc.firewall after you've tested that the new kernel
# feature works properly.


Stefan

--
Stefan Bethke
Muehlendamm 12            Phone: +49-40-256848, +49-177-3504009
D-22087 Hamburg           <stefan.bethke@hanse.de>
Hamburg, Germany          <stb@freebsd.org>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message