Date: Thu, 9 May 2002 17:24:38 -0700
From: Brent Kearney <brentk@sfu.ca>
To: Joe & Fhe Barbish <barbish@a1poweruser.com>
Cc: questions@freebsd.org
Subject: Re: can't connect to localhost
Message-ID: <20020509172438.A25839@sfu.ca>
In-Reply-To: <LPBBIGIAAKKEOEJOLEGOMEAODAAA.barbish@a1poweruser.com>; from barbish@a1poweruser.com on Thu, May 09, 2002 at 08:11:13PM -0400
References: <20020509152242.A26685@sfu.ca> <LPBBIGIAAKKEOEJOLEGOMEAODAAA.barbish@a1poweruser.com>

On Thu, May 09, 2002 at 08:11:13PM -0400, Joe & Fhe Barbish wrote:
> You show this.
> 00100 allow ip from any to any via lo0
> 00100 allow ip from 127.0.0.1 to any
> 00100 allow ip from 123.45.67.89 to 127.0.0.1
> 00100 allow ip from 123.45.67.89 to 123.45.67.89
>
> What is happening here is the second 100 rule replaces the first, then the
> third 100 rule replaces the second, so after all rules numbered 100 get read
> by ipfw at load rules time only rule 100 allow ip from 123.45.67.89 to
> 123.45.67.89 is really there.
>
> Renumber the 100 number rules like so
> 00101 allow ip from any to any via lo0
> 00102 allow ip from 127.0.0.1 to any
> 00103 allow ip from 123.45.67.89 to 127.0.0.1
> 00104 allow ip from 123.45.67.89 to 123.45.67.89
>

I renumbered them. Now no two rules have the same number. I get
exactly the same effect though.

Brent

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Brent Kearney
> Sent: Thursday, May 09, 2002 6:23 PM
> To: questions@freebsd.org
> Subject: can't connect to localhost
>
>
> Greetings,
>
> Any connections to localhost appear not to work:
>
> {foo}(~)$ telnet localhost 25
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Can't assign requested address
> telnet: Unable to connect to remote host
>
> My /etc/hosts file looks fine; this is the only mention of 127.0.0.1
> in the file:
>
> 127.0.0.1 localhost localhost.foo.ca foo2.foo.ca
>
> (Real names and IP addresses have been obscured).
>
> I use ipfw with default to deny. My rules:
>
> 00100 allow ip from any to any via lo0
> 00100 allow ip from 127.0.0.1 to any
> 00100 allow ip from 123.45.67.89 to 127.0.0.1
> 00100 allow ip from 123.45.67.89 to 123.45.67.89
> 00200 deny ip from any to 127.0.0.0/8 via fxp0
> 00300 deny ip from 127.0.0.0/8 to any via fxp0
> 00400 allow ip from 123.45.67.89 to 123.45.67.0/24
> 00500 allow tcp from any to any established
> 00600 allow ip from any to any frag
> ...
>
> The others are service-specific; I think the 0100 rules should allow
> a local connection though, shouldn't they?
>
> Any clues appreciated. Please CC: me your reply, as I'm
> not a list subscriber.
>
> Thanks,
>
> Brent
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
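
Added example, not part of the thread: a simplified model of ipfw's first-match evaluation, run over the ruleset as posted and as renumbered, for the loopback connection from the original post. It assumes rules sharing a number are kept in the order they were added, as ipfw(8) documents, and models only the address, interface, `established` and `frag` matching that appears in these rules; `parse_rule`, `addr_match`, `decide` and the sample packet are hypothetical names constructed here.

```python
import ipaddress

# Rules as posted in the thread (the elided service-specific rules are omitted).
POSTED = """
00100 allow ip from any to any via lo0
00100 allow ip from 127.0.0.1 to any
00100 allow ip from 123.45.67.89 to 127.0.0.1
00100 allow ip from 123.45.67.89 to 123.45.67.89
00200 deny ip from any to 127.0.0.0/8 via fxp0
00300 deny ip from 127.0.0.0/8 to any via fxp0
00400 allow ip from 123.45.67.89 to 123.45.67.0/24
00500 allow tcp from any to any established
00600 allow ip from any to any frag
"""
# Same rules with the four 00100 entries renumbered 00101-00104 as suggested.
RENUMBERED = POSTED
for n in range(1, 5):
    RENUMBERED = RENUMBERED.replace("00100", f"0010{n}", 1)

def parse_rule(line):
    """Parse 'NUM ACTION PROTO from SRC to DST [via IF] [established|frag]'."""
    t = line.split()
    rest = t[7:]
    via = rest[1] if rest[:1] == ["via"] else None
    opt = rest[-1] if rest and rest[-1] in ("established", "frag") else None
    return {"num": int(t[0]), "action": t[1], "proto": t[2],
            "src": t[4], "dst": t[6], "via": via, "opt": opt}

def addr_match(spec, addr):
    return spec == "any" or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))

def decide(ruleset, pkt):
    """Return (rule number, action) of the first matching rule, ipfw-style."""
    # sorted() is stable, so rules sharing a number stay in the order added.
    rules = sorted(map(parse_rule, ruleset.strip().splitlines()),
                   key=lambda r: r["num"])
    for r in rules:
        if (r["proto"] in ("ip", pkt["proto"])
                and addr_match(r["src"], pkt["src"])
                and addr_match(r["dst"], pkt["dst"])
                and r["via"] in (None, pkt["iface"])
                and r["opt"] in (None, *pkt["flags"])):
            return r["num"], r["action"]
    return 65535, "deny"  # default rule, per "default to deny" in the post

# Constructed packet: the telnet to localhost port 25 from the original post.
LOCAL = {"proto": "tcp", "src": "127.0.0.1", "dst": "127.0.0.1",
         "iface": "lo0", "flags": ()}

if __name__ == "__main__":
    print(decide(POSTED, LOCAL), decide(RENUMBERED, LOCAL))
```

In this model the loopback packet is accepted by the first rule in both rulesets, so the firewall verdict is the same before and after renumbering.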