From owner-freebsd-stable Thu Mar 7 19:52: 3 2002
Date: Thu, 7 Mar 2002 22:51:56 -0500
From: Alan Eldridge
To: FreeBSD Stable List
Subject: Need for explicit ipfw pass rule for 127.0.0.0/8 not documented?
Message-ID: <20020308035156.GA329@wwweasel.geeksrus.net>

I upgraded from 4.5-20020204-STABLE to 4.5-20020305-STABLE (via CDROM snapshot) and found (first) that portmapper and named were not accessible. My resolv.conf points to 127.0.01 first, but I couldn't even use an outside nameserver. Any kind of network access involving IP got EACCES errors on the sendto(2) or connect(2) calls, according to strace.

Since EACCES on INET domain sockets can't happen (according to connect(2), you only can get EACCES on Unix domain sockets), I figured that my firewall, which also runs natd for a machine on the internal network, must be the culprit, even though it logged no errors or dropped packets.

Sure enough, when I added a rule right before the "deny everything" at the end:

    allow ip from 127.0.0.0/8 to 127.0.0.0/8 via lo0

all the broken network services were back to normal.

I've been looking to find where this major operational change was documented. It's not in RELNOTES.TXT on the snapshot CDROM. It's not in /usr/src/UPDATING. Its net effect was to disable a number of network services, and to do so silently. There were no syslog entries to indicate that anything was amiss (and I seem to recall that syslog *was* working), or give any clue to diagnosing the problem.

Did I miss the documentation? Or did the documentation get missed?

--
Alan Eldridge
"Dave's not here, man."
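
An added illustration, not part of the original message: a simplified first-match walk over a constructed `ipfw list`-style ruleset, showing a loopback packet falling through to a final deny rule that carries no `log` keyword, and the verdict once the rule quoted in the message is placed before it. The ruleset, the interface name `ed0` and the function names are assumptions; only allow/deny rules with `via` and `established` are modelled.

```python
import ipaddress
import re

# Constructed sample in `ipfw list` style (not the poster's actual ruleset).
SAMPLE_RULES = """\
00100 divert 8668 ip from any to any via ed0
00200 allow tcp from any to any established
00300 allow ip from 192.168.1.0/24 to any
65000 deny ip from any to any
"""
# Same ruleset with the loopback rule from the message added before the deny.
FIXED_RULES = SAMPLE_RULES.replace(
    "65000 deny",
    "64000 allow ip from 127.0.0.0/8 to 127.0.0.0/8 via lo0\n65000 deny",
)

RULE = re.compile(r"^(\d+) (allow|deny) (log )?(\S+) from (\S+) to (\S+)(.*)$")


def addr_ok(spec, ip):
    """True if ip falls inside spec ('any', a single address, or CIDR)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def first_match(rules, proto, src, dst, iface):
    """Return (rule number, action, logged) for a new, non-established packet.

    Simplified model: divert/count and other non-terminal actions are skipped.
    """
    for line in rules.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        num, action, log, rproto, rsrc, rdst, opts = m.groups()
        words = opts.split()
        if rproto not in ("ip", "all", proto):
            continue
        if "established" in words:
            continue  # a new packet never matches 'established'
        if "via" in words and words[words.index("via") + 1] != iface:
            continue
        if addr_ok(rsrc, src) and addr_ok(rdst, dst):
            return int(num), action, bool(log)
    return None


if __name__ == "__main__":
    for name, rules in (("before", SAMPLE_RULES), ("after", FIXED_RULES)):
        print(name, first_match(rules, "udp", "127.0.0.1", "127.0.0.1", "lo0"))
```

A `logged` value of `False` on the deny verdict means that rule would drop the packet without producing a log entry.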