Date: Tue, 4 Dec 2001 08:43:43 +0200
From: "Aleksey Ovcharenko" <alexovch@ic.kharkov.ua>
To: mikea <mikea@mikea.ath.cx>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: Strange kernel messages
Message-ID: <20011204084343.A30444@infocom.kh.ua>
In-Reply-To: <20011128164022.A11463@mikea.ath.cx>; from mikea@mikea.ath.cx on Wed, Nov 28, 2001 at 04:40:22PM -0600
References: <20011128134619.B7489@infocom.kh.ua> <20011128164022.A11463@mikea.ath.cx>

On Wed, Nov 28, 2001 at 04:40:22PM -0600, mikea wrote:
> On Wed, Nov 28, 2001 at 01:46:19PM +0200, Aleksey Ovcharenko wrote:
> > I have compiled 4.4-STABLE recently and see strange kernel messages sometimes:
> >
> > OUCH! cannot remove rule, count 1
> > ...
> > OUCH! cannot remove rule, count 3
> >
> > What is wrong? Is it some problem with firewall?
> > Help me plz :)...
>
> A bit more information might be useful. Are you running natd or
> some other nat daemon? ipfw or ipf? If it's ipfw, do you have
> dynamic rules? A dump of your rules (ipfw -at l) would be good.
>

# /bin/ps ax|grep natd
344 ?? Ss 15:08.78 /sbin/natd -s yes -m yes -u yes -n rl0

# /sbin/ipfw -at l
01000 850 69666 Tue Dec 4 08:35:12 2001 allow ip from any to any via lo0
02000 0 0 deny ip from any to 127.0.0.0/8
05000 16 1032 Tue Dec 4 08:34:42 2001 prob 0.050000 deny icmp from any to any via rl0
06000 4877 347607 Tue Dec 4 08:35:14 2001 count ip from any to any in recv rl0
07000 5514 1279161 Tue Dec 4 08:35:14 2001 count ip from any to any out xmit rl0
07100 0 0 deny ip from any to 10.0.0.0/8 via rl0
07200 0 0 deny ip from any to 172.16.0.0/12 via rl0
07300 0 0 deny ip from any to 192.168.0.0/16 via rl0
07400 0 0 deny ip from any to 0.0.0.0/8 via rl0
07500 0 0 deny ip from any to 169.254.0.0/16 via rl0
07600 0 0 deny ip from any to 192.0.2.0/24 via rl0
07700 0 0 deny ip from any to 224.0.0.0/4 via rl0
07800 4 1104 Tue Dec 4 08:34:26 2001 deny ip from any to 240.0.0.0/4 via rl0
07900 10386 1625616 Tue Dec 4 08:35:14 2001 divert 8668 ip from any to any via rl0
08000 0 0 deny ip from 10.0.0.0/8 to any via rl0
08100 0 0 deny ip from 172.16.0.0/12 to any via rl0
08200 0 0 deny ip from 192.168.0.0/16 to any via rl0
08300 0 0 deny ip from 0.0.0.0/8 to any via rl0
08400 0 0 deny ip from 169.254.0.0/16 to any via rl0
08500 0 0 deny ip from 192.0.2.0/24 to any via rl0
08600 0 0 deny ip from 224.0.0.0/4 to any via rl0
08700 0 0 deny ip from 240.0.0.0/4 to any via rl0
09000 0 0 allow ip from 192.168.0.0/16 to any
09100 0 0 allow ip from any to 192.168.0.0/16
09200 0 0 check-state
09300 391 70951 Tue Dec 4 08:35:14 2001 deny tcp from any to any established
09500 424 36193 Tue Dec 4 08:35:14 2001 allow tcp from any to xxx.xxx.xxx.xxx 25 keep-state setup
09600 574 179146 Tue Dec 4 08:34:50 2001 allow tcp from any to xxx.xxx.xxx.xxx 110 keep-state setup
09700 1363 482386 Tue Dec 4 08:34:51 2001 allow tcp from any to xxx.xxx.xxx.xxx 119 keep-state setup
09800 328 32455 Tue Dec 4 08:35:11 2001 allow tcp from xxx.xxx.xxx.xxx to any keep-state setup
09900 208 16760 Tue Dec 4 08:35:00 2001 allow udp from any to xxx.xxx.xxx.xxx 53 keep-state
10000 398 42478 Tue Dec 4 08:35:14 2001 allow udp from xxx.xxx.xxx.xxx to any 53 keep-state
10100 0 0 allow udp from xxx.xxx.xxx.xxx to any 123 keep-state
65535 187036 21428037 Tue Dec 4 08:35:14 2001 deny ip from any to any

> So would the output of dmesg at boot.
>

FreeBSD 4.4-STABLE #0: Wed Nov 28 16:26:46 EET 2001
...
CPU: Pentium III/Pentium III Xeon/Celeron (501.14-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x683 Stepping = 3
  Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory = 268353536 (262064K bytes)
avail memory = 256995328 (250972K bytes)
Preloaded elf kernel "kernel" at 0xc02ef000.
Preloaded userconfig_script "/boot/kernel.conf" at 0xc02ef09c.
Pentium Pro MTRR support enabled
...
rl0: <RealTek 8139 10/100BaseTX> port 0xb400-0xb4ff mem 0xe1800000-0xe18000ff irq 10 at device 14.0 on pci0
...
ed0: <NE2000 PCI Ethernet (RealTek 8029)> port 0xb000-0xb01f irq 11 at device 15.0 on pci0
...

> >

These messages go away only if I delete the rule
'ipfw add allow tcp from any to me setup limit src-addr 10'
(so you can't see it in the dump above).
I think this is the problem, but why? This rule was after rule number 5000.
Any clue?

--
Sincerely Yours,
Aleksey Ovcharenko postmaster@ic.kharkov.ua
Postmaster JV "Infocom" nic-hdl: OAA1-RIPE
Kharkov Dep. UA Phone: +380 (572) 275 851

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message