From: "Jin Guojun[VFF]"
Date: Sun, 16 Nov 2008 20:36:28 -0800
To: Ian Smith
Cc: Erik Trulsson, ipfw@freebsd.org, questions@freebsd.org
Subject: Re: some ipfw filter does not function under Release 6.3
Message-ID: <4920F4CC.2020501@gmail.com>
In-Reply-To: <20081117134532.S70117@sola.nimnet.asn.au>
List-Id: IPFW Technical Discussions

Ian Smith wrote:

>On Sun, 16 Nov 2008, Jin Guojun[VFF] wrote:
> > Ian Smith wrote:
> >
> > > On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote:
> > >
> > > > I think this is a bug in ipfw because after changing the rule order, the
> > > > problem persists:
> > > > 00566 26 3090 deny ip from 221.192.199.36 to any
> > > > 65330 2018 983473 allow tcp from any to any established
> > > > 65535 0 0 deny ip from any to any
> >
> >.... snapped
>
> > I have found the problem due to the NIC naming change after motherboard
> > upgrading.
> > The em0 was LAN port, but now it is WAN port. So, the following rule caused
> > Sync coming in:
> >
> > 00123 12 528 allow tcp from any to 192.168.0.0/16 via em0 setup
>Ahah!
>
> > This is my configuration fault, and we can close PR kern/128902.
> >
> > Thanks,
> > -Jin
>
>Glad you found it so soon, Jin; that was one very short-lived PR :)
>

This is kind of a hard one to catch since this machine was tested and working
before. Traced many machines with R-6.1 and R-6.2 around the country and found
no problem. The recent change to this machine is an AMD to a P4 motherboard
swap for better memory bandwidth, but overlooked that the NIC names changed.
Now we have historical information for what could cause such a failure.

-Jin
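
An added example, not part of the original message or of ipfw itself: a check that would catch the failure described in this thread, where an allow rule written for the LAN is bound by name to an interface that has since become the WAN port. Rules 00123, 00566, 65330 and 65535 are copied from the thread; rule 00124, the em1 interface and all interface addresses are constructed for illustration.

```python
import ipaddress
import re

# "NNNNN pkts bytes action rest" as printed by `ipfw show` (format as in the thread).
RULE_RE = re.compile(r"^(\d{5})\s+\d+\s+\d+\s+(\S+)\s+(.*)$")
IFACE_RE = re.compile(r"\b(?:via|recv|xmit)\s+(\S+)")
NET_RE = re.compile(r"\b(?:from|to)\s+(\d+\.\d+\.\d+\.\d+(?:/\d+)?)")
ALLOW_ACTIONS = ("allow", "accept", "pass", "permit")  # ipfw synonyms

# Rule 00124 is constructed; the others are quoted in the thread.
SAMPLE_SHOW = """\
00123 12 528 allow tcp from any to 192.168.0.0/16 via em0 setup
00124 0 0 allow tcp from 192.168.0.0/16 to any via em1 setup
00566 26 3090 deny ip from 221.192.199.36 to any
65330 2018 983473 allow tcp from any to any established
65535 0 0 deny ip from any to any
"""
# Constructed interface addresses: before and after the motherboard swap.
ADDRS_BEFORE = {"em0": "192.168.2.1", "em1": "192.168.3.1"}
ADDRS_AFTER = {"em0": "203.0.113.10", "em1": "192.168.2.1"}


def audit_interface_rules(ipfw_show, iface_addrs):
    """Flag allow rules that name a private network but are bound to an
    interface which is missing or not attached to that network."""
    findings = []
    for line in ipfw_show.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m.group(2) not in ALLOW_ACTIONS:
            continue
        rule_no, body = m.group(1), m.group(3)
        bound = IFACE_RE.search(body)
        if not bound:
            continue  # rule is not tied to an interface name
        name = bound.group(1)
        for net_text in NET_RE.findall(body):
            net = ipaddress.ip_network(net_text, strict=False)
            if not net.is_private:
                continue
            addr = iface_addrs.get(name)
            if addr is None:
                findings.append((rule_no, name, str(net), "interface not present"))
            elif ipaddress.ip_address(addr) not in net:
                findings.append((rule_no, name, str(net), f"interface holds {addr}"))
    return findings


if __name__ == "__main__":
    for finding in audit_interface_rules(SAMPLE_SHOW, ADDRS_AFTER):
        print(finding)
```

On a live host the two inputs would come from `ipfw show` and the addresses reported by `ifconfig`; running the check after any hardware change catches renamed NICs before the ruleset is trusted again.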