Date: Wed, 20 Aug 2003 09:27:24 -0400 (EDT) From: Andre Guibert de Bruet <andy@siliconlandmark.com> To: John Reynolds~ <jreynold@sedona.ch.intel.com> Cc: "John J. Rushford" <jjrushford@mac.com> Subject: Re: Is rl broken? Message-ID: <20030820092317.U452@alpha.siliconlandmark.com> In-Reply-To: <16194.63010.693361.890699@chlx254.ch.intel.com> References: <BB68342D.B3D%jjrushford@mac.com> <16194.63010.693361.890699@chlx254.ch.intel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 19 Aug 2003, John Reynolds~ wrote: > > This thread originally taken from the -stable mailing list, but I'm seeing > weird things in -current now, so I thought I'd ask .... > > > I cvsup'd and rebuilt a FreeBSD 4.8 system last Friday after receiving the > > realpath security advisory. The machine is remote and the NIC uses the rl > > driver. After booting the machine I had no network connectivity. The > > person at the remote site says the boot was normal and he could see that the > > NIC was properly configured but he could not ping it and I could not login. > > We booted off kernel.old and everything came up fine. > > > > I have a machine with an Intel nic using the fxp driver that is exhibiting the > same sort of weirdness. I just installed 5.1-RELEASE on it after it was built > and things were rock solid. I got my NIC configured to use DHCP in my LAN here > at home, everything's fine. then I cvsup and buildworld/kernel (the same > kernel config that an *identical* system on my LAN is using) and test out the > new kernel before installkernel and dhclient seems to finish properly and the > interface seems configured correctly with the correct IP. netstat -r shows the > right stuff, but I can't even ping the NIC itself. It says > > sendto: permission denied > > when I try to ping the NIC itself and *also* 127.0.0.1. If I revert back to the > 5.1-RELEASE kernel with the same hardware and zero config changes, everything > is hunky dory again. Sorry, I'm light on details--I need to do some more > experiments and will cut-n-paste what I see, but I wanted to see if anybody > else is experiencing anything oddball like this. Sounds like you've put IPFIREWALL in your kernel without IPFIREWALL_DEFAULT_TO_ACCEPT. Either add this to your kernel or add an ipfw rule as allows: ipfw add allow ip from any to any Regards, > Andre Guibert de Bruet | Enterprise Software Consultant > > Silicon Landmark, LLC. | http://siliconlandmark.com/ >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030820092317.U452>