Date: Mon, 16 Sep 2002 21:40:53 +0100
From: Dominic Marks <dominic_marks@btinternet.com>
To: Robin Breathe <freebsd@lineone.net>
Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Problems with ipfilter 3.4.29 under -STABLE (post 31/08/2002)
Message-ID: <20020916204053.GB24565@gallium>
In-Reply-To: <000201c25db0$acfd64b0$026ca8c0@ishadow>
References: <000201c25db0$acfd64b0$026ca8c0@ishadow>

Hey,

On Mon, Sep 16, 2002 at 07:41:31PM +0100, Robin Breathe wrote:
> Hi all,
>
> I'm interested to know if anyone is successfully running ipf/ipnat under
> -STABLE from after the merge on the 31st of August
> (http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ipfilter/).

I am.

> uname -a
FreeBSD gallium 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #11: Sun Sep 15 22:11:37 BST 2002 dom@gallium:/usr/obj/usr/src/sys/NIFTY i386

> cat /etc/ipfilter.cf
pass out quick on ng0 proto udp all keep state
pass out quick on ng0 proto tcp all keep state
block in log quick on ng0 proto udp all
block return-rst in log quick on ng0 proto tcp all

> cat /etc/ipnat.cf
map ng0 from 10.0.0.0/24 to any -> 0/32 portmap tcp/udp auto
map ng0 from 10.0.0.0/24 to any -> 0/32

%ipf -V
ipf: IP Filter: v3.4.29 (336)
Kernel: IP Filter: v3.4.29
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0

> I have found that my existing rulesets fail with the new code. ipf
> blocks everything, and ipnat doesn't do NAT. My rules are at
> http://isometry.net/freebsd/ipfilter/, and they've worked flawlessly
> with previous versions of ipfilter, in particular 3.4.27 from
> 4.6.2-RELEASE to which I have reverted.
>
> I am making, and installing the base system and kernel using the
> makefile from
> http://www.freebsddiary.org/samples/makefile.for.build.world which has
> also always worked flawlessly for me.
>
> I am trying to work out whether the problem lies with the recent merge
> of ipfilter 3.4.29, or with my config. And from all the testing I've
> been able to do, the problem seems to lie with ipfilter. Other people's
> experiences with the new code would be greatly appreciated.

Can't say I've had any problems. Aside from my adsl connection, which I
use mpd for, after a period of high use I start getting 'no buffer space
available' messages. I don't believe this is related to ipfilter though,
because killing mpd and reconnecting fixes it.

-- 
Dominic Marks << dominic_marks at btinternet.com >>
Computer & Politics Geek