From owner-freebsd-hackers Fri Feb 1 11:32:12 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from thehousleys.net (frenchknot.ne.mediaone.net [66.31.234.148])
	by hub.freebsd.org (Postfix) with ESMTP id C818137B417
	for ; Fri, 1 Feb 2002 11:31:59 -0800 (PST)
Received: (from root@localhost)
	by thehousleys.net (8.11.6/8.11.2) id g11JVtd21101;
	Fri, 1 Feb 2002 14:31:55 -0500 (EST)
	(envelope-from jim@Thehousleys.net)
Received: from Thehousleys.net (baby.int.thehousleys.net [192.168.0.125])
	(authenticated)
	by thehousleys.net (8.11.6/8.11.6) with ESMTP id g11JVrp21092;
	Fri, 1 Feb 2002 14:31:53 -0500 (EST)
	(envelope-from jim@Thehousleys.net)
Message-ID: <3C5AED29.B9E6C921@Thehousleys.net>
Date: Fri, 01 Feb 2002 14:31:53 -0500
From: James Housley
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.2 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Rob Zietlow
Cc: Hackers@freebsd.org
Subject: Re: Possible bug in kernel w/pppoe & ipf ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Rob Zietlow wrote:
>
> Ahh yes, I knew I forgot something. Thank you, Jim. Yes, my ruleset was both
> the original that worked before the DSL pppoe wackiness. I also had the
> same routing issues when my /etc/ipf.rules said:
>
> pass in all
> pass out all
>
> I still received the "no route to host" message. I also added into my
> rc.conf "ipfilter_rules="etc/ipf.rules" " as the rc.conf in
> /etc/defaults/rc.conf had listed in it.
>

I don't know if this is your problem or not, but.... I use IPFW, so this
may not be the same as ipf; it may also not exist any more for IPFW
either. But I have 1 machine connected via a cable modem and dhclient. I
have another machine connected via DSL and PPPoE and dhclient. Both of
these machines had to (this might not be true any more, but one is in a
different country and I don't want to mess with it) configure the kernel
to IPFIREWALL_DEFAULT_TO_ACCEPT to ensure that dhclient could connect on
boot. After that I load a more restrictive firewall. But my basic
problem was that during boot, dhclient was being run before the firewall
rules were being loaded. Again, I don't know if this is still the case.

Jim
--
 /"\   ASCII Ribbon Campaign  .
 \ / - NO HTML/RTF in e-mail  .
  X  - NO Word docs in e-mail .
 / \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org      The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
jhousley@SimTel.Net  http://www.SimTel.Net
---------------------------------------------------------------------
"...there's no idea that's so good you can't ruin it with a few
well-placed idiots." -- Charles Spickman

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message