Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Jul 1999 22:39:53 +1000
From:      obituary <c9710216@atlas.newcastle.edu.au>
To:        Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc:        freebsd-current@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject:   Re: Problem with cvsup
Message-ID:  <37931C99.7038563D@atlas.newcastle.edu.au>
References:  <3791BFE4.D18901D3@atlas.newcastle.edu.au> <xzp3dymnm2b.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help 
Dag-Erling Smorgrav wrote:
> 
> obituary <c9710216@atlas.newcastle.edu.au> writes:
> > If anyone can shed some light on my situation (or has experienced
> > similar troubles themselves) I'd be most grateful to hear from you.
> 
> You forgot to attach the output of 'ipfw -a l'.

Ok, since my original post I've done a little more testing.  The problem
appears to be related to natd.  If natd has been run at any time since
booting, the problems occur.

I compiled a fresh kernel on the firewall machine (3.2-RELEASE) without
firewalling options.  Everything worked fine -- I was able to cvsup the
firewall box.  I then recompiled with the firewalling options enabled,
but set the firewall_type="open" and natd_enable="NO" in rc.conf.  Once
again, everything worked fine.  I enabled natd to see if I could cvsup
my other machine (4.0-CURRENT) and that's where the trouble started.  I
couldn't cvsup the CURRENT box *or* the firewall box after enabling
natd.  I couldn't even cvsup the firewall box after taking the divert
rule out!

Listing of ipfw -a l:
00100   16    1792 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300 1742  663154 divert 8668 ip from any to any via ppp0
65000 9023 1751445 allow ip from any to any
65535    0       0 deny ip from any to any


List of options in my kernel:
pseudo-device   ether                   #Generic Ethernet
pseudo-device   loop                    #Network loopback device
pseudo-device   ppp     2               #Point-to-point protocol
options PPP_BSDCOMP                     #PPP BSD-compress support
options PPP_DEFLATE                     #PPP zlib/deflate/gzip support

options         IPFIREWALL              #firewall
options		IPFIREWALL_VERBOSE	#print information about
					# dropped packets
options         IPDIVERT


The command I use for natd is:
natd -dynamic -n ppp0

I've also tried the -m option, but it makes no difference.


-jake (obituary)			  Powered by FreeBSD
c9710216@atlas.newcastle.edu.au		http://www.freebsd.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37931C99.7038563D>