Date: Fri, 1 Feb 2002 13:41:08 -0600 (CST)
From: Rob Zietlow
To: James Housley
Cc: hackers@freebsd.org
Subject: Re: Possible bug in kernel w/pppoe & ipf ?
In-Reply-To: <3C5AED29.B9E6C921@Thehousleys.net>

Previously smacked into the keyboard

> I don't know if this is your problem or not, but....
>
> I use IPFW so this may not be the same as ipf, it may also not exist any
> more for IPFW either. But I have 1 machine connected via a cable modem
> and dhclient. I have another machine connected via DSL and PPPoE and
> dhclient. Both of these machines had to, might not be true any more but
> one is in a different country and don't want to mess with it, configure
> the kernel to IPFIREWALL_DEFAULT_TO_ACCEPT to ensure the dhclient could
> connect on boot. After that I load a more restrictive firewall. But my
> basic problem was that during boot, dhclient was being run before the
> firewall rules were being loaded. Again, I don't know if this is still
> the case.
>
> Jim
>

It was pulling an IP address for my DSL provider even with ipf commented
out in the rc.conf I would still have issues of "no route to host".
From my reading into IPF and playing with it before the pppoe I was still
able to talk to local interfaces. When I originally made up my ruleset I
started out with "Block all" and went from there, and in those early days I
was able to talk to local hosts from the local machine. This was back in
June when I first got my cable modem.

--
Rob Zietlow
Network Security Engineer
SecurePipe
Madison, WI
(608)-294-6940