From owner-freebsd-hackers Fri Feb 1 11:21:13 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from spmx.securepipe.com (spmx.securepipe.com [64.73.37.194]) by hub.freebsd.org (Postfix) with SMTP id A049C37B405 for ; Fri, 1 Feb 2002 11:20:59 -0800 (PST) Received: (qmail 24996 invoked from network); 1 Feb 2002 19:08:53 -0000 Received: from unknown (HELO alice.wi.securepipe.com) (64.73.37.245) by spmx.securepipe.com with SMTP; 1 Feb 2002 19:08:53 -0000 Received: (qmail 28952 invoked from network); 1 Feb 2002 19:20:59 -0000 Received: from unknown (HELO buttress.wi.securepipe.com) (10.10.14.34) by alice.wi.securepipe.com with SMTP; 1 Feb 2002 19:20:59 -0000 Date: Fri, 1 Feb 2002 13:21:47 -0600 (CST) From: Rob Zietlow X-X-Sender: zietlow@buttress.wi.securepipe.com To: Hackers@freebsd.org Cc: James Housley Subject: Re: Possible bug in kernel w/pppoe & ipf ? In-Reply-To: <3C5AE2C7.A441A760@Thehousleys.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Ahh yes, I knew I forgot something, Thank you Jim. yes My rulest was both the original that worked before the DSL pppoe wackiness. I also had the same routing issues when my /etc/ipf.rules said: pass in all pass out all I still received the "no route to host" message. I also added into my rc.conf "ipfilter_rules="etc/ipf.rules" " as the rc.conf in /etc/defaults/rc.conf had listed in it. Rob Previously smacked into the keyboard > Rob Zietlow wrote: > > > > {snip} > > > would be able to do everything. I modified the GENERIC kernel slowly by > > taking out things I did not need and then adding things in that I wanted. > > My machine stopped working once I added in "option > > IPFILTER_DEFAULT_BLOCK" with this option enabled I had no routing, but > > with this taken out of the kernel or IPFILTER_DEFAULT_ALLOW I was able to > > see the net. I compared the routing tables and they were identical. > > > > Is this a bug that I ran into? Is this been something that's been > > documented but for whatever reason Google didn't bring it up? Just > > thought I would make others aware of it as well so they don't run into the > > same issue that I had. > > > > Okay. You have enabled ipf for firewalling. What are your rules for > ipf? Because with modifing them to allow packets to pass, of course > nothing will with IPFILTER_DEFAULT_BLOCK (deny all packets by default). > > If you do have a ipf rule set you will want to post that to hackers@ > > This is a private message in case I am way off base. > > Jim > -- Rob Zietlow Network Security Engineer SecurePipe Madison, WI (608)-294-6940 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message