From owner-freebsd-questions Mon Sep 30 18:41:58 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7657737B401 for ; Mon, 30 Sep 2002 18:41:56 -0700 (PDT) Received: from truman.datasphereweb.com (12-231-81-122.client.attbi.com [12.231.81.122]) by mx1.FreeBSD.org (Postfix) with SMTP id C25A243E6E for ; Mon, 30 Sep 2002 18:41:55 -0700 (PDT) (envelope-from ryallsd@datasphereweb.com) Received: (qmail 53445 invoked from network); 1 Oct 2002 01:46:08 -0000 Received: from 12-229-238-38.client.attbi.com (HELO bartxp) (12.229.238.38) by 12-231-81-122.client.attbi.com with SMTP; 1 Oct 2002 01:46:08 -0000 From: "Derrick Ryalls" To: Subject: RE: 4.7 RC problem Date: Mon, 30 Sep 2002 18:41:43 -0700 Message-ID: <002c01c268eb$b542eaa0$0200a8c0@bartxp> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal In-Reply-To: <20020930234912.GA1535@hades.hell.gr> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG opening up the firewall in rc.conf fixed it. I had explicitly added the firewall stuff in the kernel for router capabilities later, it just didn't click for me to explicity open it up right away. Thanks to all for the help. -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Giorgos Keramidas Sent: Monday, September 30, 2002 4:49 PM To: Derrick Ryalls Cc: freebsd-questions@FreeBSD.ORG Subject: Re: 4.7 RC problem On 2002-09-30 00:06, Derrick Ryalls wrote: > After some hardware issues were resolved, I did a cvsup to get > everything up to date and ready for a kernel compile. The o/s will > eventually be used as a router, but for now it has just one nic. cvsup > goes fine, and I start the buildworld. No errors through the whole > process, so I reboot to switch to the new kernel. The machine is now > dead to me, it won't respond to pings/ssh/begging. On site, the box > is running, and my brother can log in fine (directly, not via ssh). > When I ask him to ping around or even ping localhost, it comes up with > "ping: sendto: permission denied". This is definitely a firewall, although not very obvious which one of them all :-) The message is identical to what happens when I load the ipfw.ko module (one of the firewalls available for FreeBSD) without configuring any rules to allow some traffic through the firewall. See the sample transcript below (note that I am running all the commands as `root', the superuser): root@hades[02:39]/root# kldload ipfw ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled root@hades[02:41]/root# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes ping: sendto: Permission denied ^C root@hades[02:42]/root# ipfw add 1 pass ip from any to any 00001 allow ip from any to any root@hades[02:42]/root# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=1.084 ms ^C You have obviously enabled one of the firewalls, in your new kernel config but didn't configure anything to let packets through before rebooting. Does your kernel config include any of the following? options IPFIREWALL #firewall options IPFILTER #ipfilter support Giorgos. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message