Date: Sat, 28 Feb 2004 17:26:46 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
To: Vincent Poy <vince@oahu.WURLDLINK.NET>
Cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: HEADSUP: Sleep queues added to kernel, so be careful.
Message-ID: <Pine.NEB.3.96L.1040228172334.24114O-100000@fledge.watson.org>
In-Reply-To: <20040228121518.Q8264-100000@oahu.WURLDLINK.NET>

On Sat, 28 Feb 2004, Vincent Poy wrote:

> > > What seems to happen for me is that I was originally on a September 23,
> > > 2003 -CURRENT and then applied all /etc updates and then according to
> > > src/UPDATING - I did a make buildworld, followed by a make buildkernel,
> > > make installkernel and rebooted and things were still working. Then I
> > > did a make installworld and then recvsupped with the latest tree which
> > > had src/sbin/savecore/savecore.c 1.68 as the latest thing, then repeated
> > > the make buildworld, make buildkernel, make installkernel, make
> > > installworld but this time as soon as I rebooted, the network seems to
> > > not work at all. I can't get past the machine. Is this something
> > > broken with ipfw since I can't ping the public IP but I can ping the
> > > local 192.168.0.1 address but not anything beyond that and is connected
> > > at 100Mbps Full Duplex. Tried switching both NIC cards and cables just
> > > in case they decided to fail but no go either.
> >
> > Could you confirm that your userspace and userland are really 100% in
> > sync? If you run without IPFW, do things work properly?
>
> Yep, they are in sync. I guess I stayed up all night trying to
> figure it out and right before your message, that's what I decided to do
> by changing my /etc/rc.conf for firewall_enable="NO" from "YES" even
> though I left the firewall_type="open". My /etc/rc.firewall script does
> use pipe and queues from dummynet so I don't know if that has an effect
> or not. But anyways, with the firewall disabled, this time ping and
> traceroute doesn't seem to get anywhere and "ipfw show" shows: 65535
> 299 19878 deny ip from any to any so I did a "ipfw add 65000 allow all
> from any to any" and then the box can reach the outside fine so it seems
> like either the ipfw or dummynet is broken.

I'm not sure I quite understand the various configurations from your
description, it seems like there's a number of variables floating around.
Could you send a copy of your firewall rules and pertinent rc.conf entries
so I can take a look? Also, could you lay out the various cases a little
more clearly -- something like the following:

    ipfw loaded    ipfw enabled    local traffic    non-local traffic
    no             no              ?                ?
    yes            no              ?                ?
    yes            yes             ?                ?

Note that if ipfw is loaded but you haven't configured rules, the default
rule is to deny all IP traffic, implementing a fail closed/conservative
model. This means that if ipfw is loaded, you need to have at least one
accept rule in place. "open" is supposed to get things somewhat open at
least.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

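
Added example, not part of the original message and not FreeBSD's own code: a shell function that classifies "ipfw show" output against the fail-closed default described in the message above. It assumes the "rule packets bytes action ..." column layout of the line quoted in the thread; the function name classify_ipfw and the sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example: read `ipfw show` output on stdin and report whether the
# ruleset is fail-closed with no accept rule in front of the default rule.
# Assumption: columns are  rule-number  packets  bytes  action  ...
# (the layout of the line quoted in the thread). Rules that carry a
# "set N" or "prob P" prefix before the action are not handled here.
#
# Output: "<verdict> <packets counted on rule 65535>", where verdict is
#   fail-closed     default rule denies and no allow rule precedes it
#   has-accept      default rule denies, at least one allow rule exists
#   default-accept  rule 65535 itself is an allow rule
#   unknown         no rule 65535 seen in the input
classify_ipfw() {
    awk '
        $1 !~ /^[0-9]+$/ { next }          # skip non-rule lines
        $1 == 65535 { def_action = $4; def_pkts = $2; next }
        $4 == "allow" { accepts++ }
        END {
            if (def_action == "")           { print "unknown 0"; exit }
            if (def_action == "allow")      verdict = "default-accept"
            else if (accepts > 0)           verdict = "has-accept"
            else                            verdict = "fail-closed"
            print verdict, def_pkts + 0
        }'
}

# Sample 1: the single rule reported in the thread.
SAMPLE_DEFAULT_ONLY='65535 299 19878 deny ip from any to any'

# Sample 2 (constructed): after "ipfw add 65000 allow all from any to any".
# The counters on rule 65000 are made up for the example.
SAMPLE_AFTER_FIX='65000 1520 98211 allow ip from any to any
65535 299 19878 deny ip from any to any'

printf '%s\n' "$SAMPLE_DEFAULT_ONLY" | classify_ipfw   # fail-closed 299
printf '%s\n' "$SAMPLE_AFTER_FIX"    | classify_ipfw   # has-accept 299

# On a live system: ipfw show | classify_ipfw
# "has-accept" only says an allow rule exists; whether it matches the
# traffic in question still has to be read from the rule itself.
```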
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040228172334.24114O-100000>