Date:      Thu, 20 Feb 2003 22:11:40 +0100
From:      Maxime Henrion <mux@freebsd.org>
To:        "Nick H. -- Technical Support Engineer" <nickh@supportteam.net>
Cc:        freebsd-current@FreeBSD.ORG
Subject:   Re: Ethernet (xl) will not transmit or receive
Message-ID:  <20030220211140.GO60813@elvis.mu.org>
In-Reply-To: <002001c2d91e$fcb546a0$0402a8c0@dotnet>
References:  <20030220161905.BBA6D5D04@ptavv.es.net> <Pine.NEB.3.96L.1030220113026.8683A-100000@fledge.watson.org> <20030220184417.GA3743@physik.TU-Berlin.DE> <002001c2d91e$fcb546a0$0402a8c0@dotnet>

Nick H. -- Technical Support Engineer wrote:
> I've run into the exact same problem on about 8 machines now, all running
> different network cards.  The network will just simply not work if I have
> IPFILTER built into the kernel.  On some of the machines, I started getting
> "No route to host".  This has happened on the following network cards:
> 
> 3COM 3C905C
> 3COM 3C450 *yes, 450*
> Linksys LNE100TX v4
> Linksys LNE100TX v5
> NETGEAR Fast 100
> Intel Pro 10/100+
> Intel Pro 10/100/1000 (gigabit over copper)
> 
> I'm going to assume that since it's not on a specific card, it's not
> something with the drivers for that card. The only thing I could do was
> deinstall IPFILTER.  I tried wiping the ARP tables (showed incomplete arp
> entries for all hosts) and even redoing the routing table.  The only thing
> that I could get that would fix it was removing ipfilter.  I have another
> 5.0-CURRENT machine (FreeBSD 5.0-CURRENT #2: Wed Jan 29 17:55:34 CST 2003
> root@edge:/usr/obj/usr/src/sys/edge  i386) that is NOT having this problem.
> It's something done fairly recently that has caused this.  I'm going to go
> through and see if I can't find some differences between the source for that
> version and this one: 5.0-CURRENT #1: Wed Feb 19 10:28:49 GMT 2003
> root@ender:/usr/obj/usr/src/sys/ender  i386
> 
> The second one (last one I gave uname for) is the most recent to have the
> problems. As you can see, it's source from earlier this week.  There are no
> errors on dmesg nor are there any errors anywhere.  It just seems that if
> IPFILTER is enabled, the network devices are completely inoperable.   I know
> you're going to ask how I have the rules set up, and I have tried many
> variations.  The first I tried is a DEFAULT_BLOCK using a working ruleset
> from a 4.7-R-p3 machine.  After that failed, I tried doing a default allow,
> and it still did it.  The only feasible way to get the machine online with
> that source is to rip out IPFILTER.   Anyone having similar issues?
> 
> Any comments/suggestions would be more than welcome, as having boxes on the
> network with no firewall is just asking for trouble ;)

Are you sure the ipfilter version of your kernel is in sync with your
userland ipfilter utility?  ipf -V will show you both versions.

Cheers,
Maxime
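
The check suggested in the reply above, as an added example that is not part of the original message: a small sh helper that compares the userland and kernel IP Filter versions in `ipf -V` output, so it can be run across several hosts. The function names are hypothetical, the sample outputs are constructed, and the assumed layout is one line starting with `ipf:` and one starting with `Kernel:`, each carrying a `vX.Y.Z` token.

```shell
#!/bin/sh
# Added example: detect kernel/userland IP Filter version skew from `ipf -V`.
# Assumption: the userland line starts with "ipf:" and the kernel line with
# "Kernel:", and each contains a version token such as v3.4.31.

# Constructed sample outputs (not taken from the machines in the thread).
SAMPLE_SYNCED='ipf: IP Filter: v3.4.31 (336)
Kernel: IP Filter: v3.4.31
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0'

SAMPLE_SKEWED='ipf: IP Filter: v3.4.31 (336)
Kernel: IP Filter: v3.4.29
Running: yes'

# Read text on stdin; print the version token from the line starting with $1.
ipf_version_of() {
    awk -v prefix="$1" '
        index($0, prefix) == 1 {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^v[0-9]+(\.[0-9]+)+$/) { print $i; exit }
        }'
}

# check_ipf_sync TEXT: print a verdict.
# Returns 0 when in sync, 1 on version skew, 2 when a version is missing
# (for example when the kernel line is absent from the output).
check_ipf_sync() {
    user=$(printf '%s\n' "$1" | ipf_version_of 'ipf:')
    kern=$(printf '%s\n' "$1" | ipf_version_of 'Kernel:')
    if [ -z "$user" ] || [ -z "$kern" ]; then
        echo "UNKNOWN: could not parse ipf -V output"
        return 2
    fi
    if [ "$user" = "$kern" ]; then
        echo "OK: userland and kernel both $user"
        return 0
    fi
    echo "MISMATCH: userland $user, kernel $kern"
    return 1
}

# Demonstration on the constructed samples.
check_ipf_sync "$SAMPLE_SYNCED" || true
check_ipf_sync "$SAMPLE_SKEWED" || true
# On a live host: check_ipf_sync "$(ipf -V 2>&1)"
```

A mismatch usually means the kernel and world were built from different source trees, so the userland tools and the in-kernel filter no longer agree on their interface.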
