Date: Wed, 20 Aug 2003 09:27:24 -0400 (EDT)
From: Andre Guibert de Bruet
To: John Reynolds~
cc: current@freebsd.org
cc: "John J. Rushford"
Subject: Re: Is rl broken?
In-Reply-To: <16194.63010.693361.890699@chlx254.ch.intel.com>
Message-ID: <20030820092317.U452@alpha.siliconlandmark.com>

On Tue, 19 Aug 2003, John Reynolds~ wrote:

>
> This thread originally taken from the -stable mailing list, but I'm seeing
> weird things in -current now, so I thought I'd ask ....
>
> > I cvsup'd and rebuilt a FreeBSD 4.8 system last Friday after receiving the
> > realpath security advisory. The machine is remote and the NIC uses the rl
> > driver. After booting the machine I had no network connectivity. The
> > person at the remote site says the boot was normal and he could see that the
> > NIC was properly configured but he could not ping it and I could not login.
> > We booted off kernel.old and everything came up fine.
> >
>
> I have a machine with an Intel nic using the fxp driver that is exhibiting the
> same sort of weirdness. I just installed 5.1-RELEASE on it after it was built
> and things were rock solid. I got my NIC configured to use DHCP in my LAN here
> at home, everything's fine. Then I cvsup and buildworld/kernel (the same
> kernel config that an *identical* system on my LAN is using) and test out the
> new kernel before installkernel and dhclient seems to finish properly and the
> interface seems configured correctly with the correct IP. netstat -r shows the
> right stuff, but I can't even ping the NIC itself. It says
>
> sendto: permission denied
>
> when I try to ping the NIC itself and *also* 127.0.0.1. If I revert back to the
> 5.1-RELEASE kernel with the same hardware and zero config changes, everything
> is hunky dory again. Sorry, I'm light on details--I need to do some more
> experiments and will cut-n-paste what I see, but I wanted to see if anybody
> else is experiencing anything oddball like this.

Sounds like you've put IPFIREWALL in your kernel without
IPFIREWALL_DEFAULT_TO_ACCEPT. Either add this to your kernel or add an
ipfw rule as follows:

ipfw add allow ip from any to any

Regards,

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >
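
One way to confirm this diagnosis from `ipfw list` output, as an added example that is not part of the original message. The `classify_ipfw` function and its verdict names are hypothetical, the rule listings are constructed samples, and the script assumes one rule per line in the form `<number> <action> <body>` with 65535 as the built-in last rule.

```shell
#!/bin/sh
# Added example: classify `ipfw list` output (read on stdin) to confirm the
# diagnosis in the reply. Assumes one rule per line: "<number> <action> <body>".

classify_ipfw() {
    default_action="" allow_rules=0 allow_all=0
    while read -r num action body || [ -n "$num" ]; do
        case "$num" in
            ''|*[!0-9]*) continue ;;            # blank or non-rule line
            65535) default_action=$action ;;    # the built-in last rule
            *)
                if [ "$action" = "allow" ]; then
                    allow_rules=$((allow_rules + 1))
                    if [ "$body" = "ip from any to any" ]; then allow_all=1; fi
                fi ;;
        esac
    done
    if [ -z "$default_action" ]; then
        echo "unknown"          # no rule 65535 seen: ipfw not in this kernel?
    elif [ "$default_action" = "allow" ]; then
        echo "default-accept"   # kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT
    elif [ "$allow_rules" -eq 0 ]; then
        echo "blocked"          # default deny, nothing allowed: even 127.0.0.1 fails
    elif [ "$allow_all" -eq 1 ]; then
        echo "allow-all-rule"   # the workaround rule: firewall passes everything
    else
        echo "filtered"         # default deny plus specific allow rules
    fi
}

# Constructed samples, not captured from the poster's machine.
SAMPLE_NEW_KERNEL='65535 deny ip from any to any'
SAMPLE_AFTER_WORKAROUND='00100 allow ip from any to any
65535 deny ip from any to any'
SAMPLE_LOOPBACK_ONLY='00100 allow ip from any to any via lo0
65535 deny ip from any to any'

for s in "$SAMPLE_NEW_KERNEL" "$SAMPLE_AFTER_WORKAROUND" "$SAMPLE_LOOPBACK_ONLY"; do
    printf '%s\n' "$s" | classify_ipfw
done
```

A `blocked` verdict matches the reported symptom; `allow-all-rule` means the listing contains the unqualified allow rule, so any filtering has to come from rules placed before it.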