Date:      Mon, 16 Sep 2002 21:40:53 +0100
From:      Dominic Marks <dominic_marks@btinternet.com>
To:        Robin Breathe <freebsd@lineone.net>
Cc:        freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: Problems with ipfilter 3.4.29 under -STABLE (post 31/08/2002)
Message-ID:  <20020916204053.GB24565@gallium>
In-Reply-To: <000201c25db0$acfd64b0$026ca8c0@ishadow>
References:  <000201c25db0$acfd64b0$026ca8c0@ishadow>

Hey,

On Mon, Sep 16, 2002 at 07:41:31PM +0100, Robin Breathe wrote:
> Hi all,
> 
> I'm interested to know if anyone is successfully running ipf/ipnat under
> -STABLE from after the merge on the 31st of August
> (http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ipfilter/).

I am.

> uname -a
FreeBSD gallium 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #11:
Sun Sep 15 22:11:37 BST 2002 dom@gallium:/usr/obj/usr/src/sys/NIFTY i386

> cat /etc/ipfilter.cf
pass out quick on ng0 proto udp all keep state
pass out quick on ng0 proto tcp all keep state
block in log quick on ng0 proto udp all
block return-rst in log quick on ng0 proto tcp all

> cat /etc/ipnat.cf 
map ng0 from 10.0.0.0/24 to any -> 0/32 portmap tcp/udp auto
map ng0 from 10.0.0.0/24 to any -> 0/32

%ipf -V
ipf: IP Filter: v3.4.29 (336)
Kernel: IP Filter: v3.4.29              
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0

> I have found that my existing rulesets fail with the new code.  ipf
> blocks everything, and ipnat doesn't do NAT.  My rules are at
> http://isometry.net/freebsd/ipfilter/, and they've worked flawlessly
> with previous versions of ipfilter, in particular 3.4.27 from
> 4.6.2-RELEASE to which I have reverted.
> 
> I am making, and installing the base system and kernel using the
> makefile from
> http://www.freebsddiary.org/samples/makefile.for.build.world which has
> also always worked flawlessly for me.
>
> I am trying to work out whether the problem lies with the recent merge
> of ipfilter 3.4.29, or with my config.  And from all the testing I've
> been able to do, the problem seems to lie with ipfilter.  Other people's
> experiences with the new code would be greatly appreciated.

Can't say I've had any problems. Aside from my ADSL connection, which I
use mpd for, after a period of high use I start getting 'no buffer space
available' messages. I don't believe this is related to ipfilter though,
because killing mpd and reconnecting fixes it.

-- 
Dominic Marks << dominic_marks at btinternet.com >>
 Computer & Politics Geek
