Date: Mon, 16 Sep 2002 21:40:53 +0100
From: Dominic Marks
To: Robin Breathe
Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Problems with ipfilter 3.4.29 under -STABLE (post 31/08/2002)

Hey,

On Mon, Sep 16, 2002 at 07:41:31PM +0100, Robin Breathe wrote:
> Hi all,
>
> I'm interested to know if anyone is successfully running ipf/ipnat under
> -STABLE from after the merge on the 31st of August
> (http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ipfilter/).

I am.

> uname -a
FreeBSD gallium 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #11: Sun Sep 15 22:11:37 BST 2002 dom@gallium:/usr/obj/usr/src/sys/NIFTY i386
> cat /etc/ipfilter.cf
pass out quick on ng0 proto udp all keep state
pass out quick on ng0 proto tcp all keep state
block in log quick on ng0 proto udp all
block return-rst in log quick on ng0 proto tcp all
> cat /etc/ipnat.cf
map ng0 from 10.0.0.0/24 to any -> 0/32 portmap tcp/udp auto
map ng0 from 10.0.0.0/24 to any -> 0/32
%ipf -V
ipf: IP Filter: v3.4.29 (336)
Kernel: IP Filter: v3.4.29
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0

> I have found that my existing rulesets fail with the new code. ipf
> blocks everything, and ipnat doesn't do NAT. My rules are at
> http://isometry.net/freebsd/ipfilter/, and they've worked flawlessly
> with previous versions of ipfilter, in particular 3.4.27 from
> 4.6.2-RELEASE to which I have reverted.
>
> I am making, and installing the base system and kernel using the
> makefile from
> http://www.freebsddiary.org/samples/makefile.for.build.world which has
> also always worked flawlessly for me.
>
> I am trying to work out whether the problem lies with the recent merge
> of ipfilter 3.4.29, or with my config. And from all the testing I've
> been able to do, the problem seems to lie with ipfilter. Other people's
> experiences with the new code would be greatly appreciated.

Can't say I've had any problems. Aside from my ADSL connection, which
I use mpd for, after a period of high use I start getting 'no buffer
space available' messages. I don't believe this is related to ipfilter
though, because killing mpd and reconnecting fixes it.

--
Dominic Marks << dominic_marks at btinternet.com >>
Computer & Politics Geek