From owner-freebsd-net@FreeBSD.ORG  Tue Jun 24 12:06:44 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DB95237B401
	for <freebsd-net@freebsd.org>; Tue, 24 Jun 2003 12:06:44 -0700 (PDT)
Received: from isber.ucsb.edu (research.isber.ucsb.edu [128.111.147.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5113543F85
	for <freebsd-net@freebsd.org>; Tue, 24 Jun 2003 12:06:40 -0700 (PDT)
	(envelope-from randall@isber.ucsb.edu)
Received: from research.isber.ucsb.edu ([128.111.147.5])
	by isber.ucsb.edu with esmtp (Exim 3.36 #2)
	id 19Ut7i-0001RP-00
	for freebsd-net@freebsd.org; Tue, 24 Jun 2003 12:06:34 -0700
Date: Tue, 24 Jun 2003 12:06:34 -0700 (PDT)
From: randall ehren <randall@ucsb.edu>
To: <freebsd-net@freebsd.org>
Message-ID: <Pine.BSF.4.33.0306241206230.5536-100000@isber.ucsb.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanner: exiscan *19Ut7i-0001RP-00*ZOPMDWgH.Hw* (ISBER - Institute for
	Social, Behavioral, and Economic Research)
Subject: ipfilter netboot problems
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2003 19:06:45 -0000

hi,
 i'm setting up a soekris net4501 machine and during some testing i ran
into a problem. basically, if i compile:

  options     IPFILTER_DEFAULT_BLOCK

 into the kernel then i get the following error during a net boot (pxe):

 nfs send error 65 for xxx.xxx.xxx.xxx:/soekris/

 and then the machine stops booting as it can't continue to load the root
partition

 after hunting and pecking around, i found out this relates to a "NFS
server host unreachable" error...

 my guess was that since i had enabled default blocking by ipfilter, once
ipfilter loads then all network access is cut off until the rules
(/etc/ipf.rules) are applied.

 so is this impossible to do since loading the rules would require
mounting a partition?

 thanks,
 -randall


--
        :// randall s. ehren         :// voice 805.893.5632
        :// systems administrator    :// isber|survey|avss.ucsb.edu
        :// institute for social, behavioral, and economic research