Date: Thu, 7 Mar 2002 22:51:56 -0500
From: Alan Eldridge <alane@geeksrus.net>
To: FreeBSD Stable List <freebsd-stable@freebsd.org>
Subject: Need for explicit ipfw pass rule for 127.0.0.0/8 not documented?
Message-ID: <20020308035156.GA329@wwweasel.geeksrus.net>

I upgraded from 4.5-20020204-STABLE to 4.5-20020305-STABLE (via CDROM snapshot) and found (first) that portmapper and named were not accessible. My resolv.conf points to 127.0.01 first, but I couldn't even use an outside nameserver.

Any kind of network access involving IP got EACCES errors on the sendto(2) or connect(2) calls, according to strace. Since EACCES on INET domain sockets can't happen (according to connect(2), you only can get EACCES on Unix domain sockets), I figured that my firewall, which also runs natd for a machine on the internal network, must be the culprit, even though it logged no errors or dropped packets.

Sure enough, when I added a rule right before the "deny everything" at the end:

    allow ip from 127.0.0.0/8 to 127.0.0.0/8 via lo0

all the broken network services were back to normal.

I've been looking to find where this major operational change was documented. It's not in RELNOTES.TXT on the snapshot CDROM. It's not in /usr/src/UPDATING.

Its net effect was to disable a number of network services, and to do so silently. There were no syslog entries to indicate that anything was amiss (and I seem to recall that syslog *was* working), or give any clue to diagnosing the problem.

Did I miss the documentation? Or did the documentation get missed?

--
Alan Eldridge
"Dave's not here, man."

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
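
Added example, not part of the original message: a simplified first-match model of an ipfw rule listing that checks whether loopback traffic reaches an allow rule before the final deny. The rule numbers, the ed0 interface and the 192.168.1.0/24 network are constructed sample values; only plain "action proto from SRC to DST [via IF]" rules are modelled.

```python
import ipaddress
import re

# Subset of `ipfw list` syntax handled here: allow/deny rules without options.
RULE_RE = re.compile(
    r"^(\d+)\s+(allow|accept|pass|permit|deny|drop)\s+(\S+)"
    r"\s+from\s+(\S+)\s+to\s+(\S+)(?:\s+via\s+(\S+))?\s*$"
)
ALLOW = {"allow", "accept", "pass", "permit"}

def _addr_matches(spec, addr):
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(listing, src, dst, iface, proto="udp"):
    """Return (rule_number, 'allow'|'deny') for the first matching rule, else None."""
    for line in listing.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # divert, rules with options, etc.: outside this subset
        num, action, rproto, rsrc, rdst, via = m.groups()
        if rproto not in ("ip", "all", proto):
            continue
        if via and via != iface:
            continue
        try:
            if _addr_matches(rsrc, src) and _addr_matches(rdst, dst):
                return int(num), "allow" if action in ALLOW else "deny"
        except ValueError:
            continue  # address forms not modelled here, e.g. "me"
    return None

# Constructed ruleset for a NAT gateway with no loopback rule.
BEFORE = """\
00100 divert 8668 ip from any to any via ed0
00200 allow ip from 192.168.1.0/24 to any
00300 allow ip from any to 192.168.1.0/24
65000 deny ip from any to any
"""
# The rule from the message, placed right before the final deny.
LOOPBACK_RULE = "64900 allow ip from 127.0.0.0/8 to 127.0.0.0/8 via lo0\n"
AFTER = BEFORE.replace("65000 deny", LOOPBACK_RULE + "65000 deny")

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, first_match(rules, "127.0.0.1", "127.0.0.1", "lo0"))
```

The "via lo0" qualifier matters: with it, a packet claiming a 127.0.0.0/8 source but arriving on ed0 still falls through to the deny rule.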