Date:      Mon, 30 Sep 2002 18:41:43 -0700
From:      "Derrick Ryalls" <ryallsd@datasphereweb.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: 4.7 RC problem
Message-ID:  <002c01c268eb$b542eaa0$0200a8c0@bartxp>
In-Reply-To: <20020930234912.GA1535@hades.hell.gr>

Opening up the firewall in rc.conf fixed it.  I had explicitly added the
firewall stuff in the kernel for router capabilities later, it just
didn't click for me to explicitly open it up right away.  Thanks to all
for the help.

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Giorgos
Keramidas
Sent: Monday, September 30, 2002 4:49 PM
To: Derrick Ryalls
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: 4.7 RC problem


On 2002-09-30 00:06, Derrick Ryalls <ryallsd@datasphereweb.com> wrote:
> After some hardware issues were resolved, I did a cvsup to get 
> everything up to date and ready for a kernel compile.  The o/s will 
> eventually be used as a router, but for now it has just one nic. cvsup
> goes fine, and I start the buildworld.  No errors through the whole 
> process, so I reboot to switch to the new kernel.  The machine is now 
> dead to me, it won't respond to pings/ssh/begging.  On site, the box 
> is running, and my brother can log in fine (directly, not via ssh). 
> When I ask him to ping around or even ping localhost, it comes up with
> "ping: sendto: permission denied".

This is definitely a firewall, although not very obvious which one of
them all :-)

The message is identical to what happens when I load the ipfw.ko module
(one of the firewalls available for FreeBSD) without configuring any
rules to allow some traffic through the firewall. See the sample
transcript below (note that I am running all the commands as `root', the
superuser):

    root@hades[02:39]/root# kldload ipfw
    ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled

    root@hades[02:41]/root# ping 127.0.0.1
    PING 127.0.0.1 (127.0.0.1): 56 data bytes
    ping: sendto: Permission denied
    ^C

    root@hades[02:42]/root# ipfw add 1 pass ip from any to any
    00001 allow ip from any to any

    root@hades[02:42]/root# ping 127.0.0.1
    PING 127.0.0.1 (127.0.0.1): 56 data bytes
    64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=1.084 ms
    ^C

You have obviously enabled one of the firewalls in your new kernel
config but didn't configure anything to let packets through before
rebooting.   Does your kernel config include any of the following?

    options         IPFIREWALL              #firewall
    options         IPFILTER                #ipfilter support

Giorgos.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
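
A pre-reboot check for the lock-out described in this thread, as an added example that is not part of either message. It covers ipfw only and is a heuristic; the kernel option IPFIREWALL_DEFAULT_TO_ACCEPT, the rc.conf variables firewall_enable and firewall_type, the function names and the sample files are assumptions not quoted in the thread.

```shell
#!/bin/sh
# Added example: would rebooting into this kernel leave ipfw at default deny
# with no rules loaded? Heuristic; covers "options IPFIREWALL" only.

# has_option FILE NAME: true if FILE has an uncommented "options NAME" line.
has_option() {
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)"
}

# rc_value FILE VAR: print the last value assigned to VAR in an rc.conf file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1
}

# ipfw_verdict KERNCONF RCCONF prints one of:
#   no-ipfw       ipfw is not compiled into the kernel
#   accept        compiled in, default rule is accept
#   rules-loaded  default deny, but rc.conf loads a ruleset at boot
#   LOCKOUT       default deny and rc.conf loads nothing
ipfw_verdict() {
    has_option "$1" IPFIREWALL || { echo no-ipfw; return; }
    has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT && { echo accept; return; }
    enable=$(rc_value "$2" firewall_enable | tr 'a-z' 'A-Z')
    type=$(rc_value "$2" firewall_type)
    if [ "$enable" = YES ] && [ -n "$type" ] && [ "$type" != UNKNOWN ]; then
        echo rules-loaded
    else
        echo LOCKOUT
    fi
}

# Constructed sample input (not from the thread): a kernel config with ipfw
# compiled in and an rc.conf that never mentions the firewall.
demo=$(mktemp -d)
printf 'options\tIPFIREWALL\t#firewall\n' > "$demo/KERNEL"
printf 'sshd_enable="YES"\n' > "$demo/rc.conf"
ipfw_verdict "$demo/KERNEL" "$demo/rc.conf"
# Same kernel after the firewall is opened in rc.conf.
printf 'firewall_enable="YES"\nfirewall_type="open"\n' >> "$demo/rc.conf"
ipfw_verdict "$demo/KERNEL" "$demo/rc.conf"
rm -rf "$demo"
```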


