Date:      Wed, 8 Apr 1998 03:02:09 +0200 (MET DST)
From:      Stefan Bethke <stb@transit.hanse.de>
To:        Atipa <freebsd@atipa.com>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Any of these kernel opts break RPC?
Message-ID:  <Pine.BSF.3.91.980408025708.3400E-100000@transit.hanse.de>
In-Reply-To: <Pine.BSF.3.96.980407173550.14636A-100000@altrox.atipa.com>

On Tue, 7 Apr 1998, Atipa wrote:

> 
> When I have these opts in my config files, RPC services can not bind.
> Kernel is 2.2.6-STABLE from 0404. Removing these lines fixed RPC.
> 
> options         "MD5"                   # Encryption
> options         DDB                     # Debugger
> options         PERFMON                 # Performance Monitor
> options         IPFIREWALL              # For bpfilter

IPFIREWALL has nothing to do with Berkeley Packet Filter (bpf or bpfilter).

Look at ipfw(8), /etc/rc.local and /etc/rc.firewall on how to use this IP 
packet filtering facility properly.

> This machine is NIS master, so I did not have time to have it down long
> enough to reboot 4 times :(.

The most probable cause for your problems is that you haven't set up any 
firewall rules, so communication through the loopback interface fails, or 
at least connections to your NIS server are dropped.

As a general hint, you might want to study LINT before including any 
option in your kernel config. From LINT:

# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
# logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
# limits the number of times a matching entry can be logged.
#
# WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
# and if you do not add other rules during startup to allow access,
# YOU WILL LOCK YOURSELF OUT.  It is suggested that you set firewall=open
# in /etc/rc.conf when first enabling this feature, then refining the
# firewall rules in /etc/rc.firewall after you've tested that the new kernel
# feature works properly.


Stefan

--
Stefan Bethke
Muehlendamm 12            Phone: +49-40-256848, +49-177-3504009
D-22087 Hamburg           <stefan.bethke@hanse.de>
Hamburg, Germany          <stb@freebsd.org>
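
Added example (not part of the message above and not FreeBSD code): a simplified Python model of ipfw's first-match rule evaluation, showing why a kernel built with IPFIREWALL and no loaded rules drops both the loopback RPC registration and NIS client traffic. The interface name ed0, the rule numbers 1000 and 65000 and the sample packets are constructed for illustration; only interface matching is modeled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                 # "pass" or "deny"
    via: Optional[str] = None   # interface restriction; None matches any interface

@dataclass(frozen=True)
class Packet:
    label: str
    iface: str

# Built-in final rule of an IPFIREWALL kernel ("deny ip from any to any").
DEFAULT_DENY = Rule(65535, "deny")

def evaluate(rules, pkt):
    """Return (action, rule number) of the first rule that matches pkt."""
    for rule in sorted(list(rules) + [DEFAULT_DENY], key=lambda r: r.number):
        if rule.via is None or rule.via == pkt.iface:
            return rule.action, rule.number
    raise AssertionError("unreachable: rule 65535 matches everything")

# Constructed sample traffic; ed0 is a hypothetical Ethernet interface.
RPC_REGISTER = Packet("RPC service registering with portmap", "lo0")
NIS_CLIENT = Packet("NIS client contacting the server", "ed0")

# Constructed rulesets; the rule numbers are illustrative.
NO_RULES = []                                     # new kernel, nothing loaded
LOOPBACK_ONLY = [Rule(1000, "pass", via="lo0")]   # ipfw add 1000 pass all from any to any via lo0
OPEN = LOOPBACK_ONLY + [Rule(65000, "pass")]      # ipfw add 65000 pass all from any to any

def report():
    """Evaluate both sample packets against each ruleset."""
    rows = []
    for name, rules in (("no rules", NO_RULES),
                        ("loopback only", LOOPBACK_ONLY),
                        ("open", OPEN)):
        for pkt in (RPC_REGISTER, NIS_CLIENT):
            action, number = evaluate(rules, pkt)
            rows.append((name, pkt.label, action, number))
    return rows

if __name__ == "__main__":
    for name, label, action, number in report():
        print(f"{name:14} {label:38} -> {action} (rule {number})")
```

Allowing only lo0 lets local RPC registration through while remote NIS clients still hit the default deny, so the ruleset has to cover both paths.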

