I am absolutely sure, as its on a completely fresh system. ipf: IP Filter: v3.4.29 (336) Kernel: IP Filter: v3.4.29
----- Original Message ----- From: "Maxime Henrion" <[EMAIL PROTECTED]> To: "Nick H. -- Technical Support Engineer" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, February 20, 2003 3:11 PM Subject: Re: Ethernet (xl) will not transmit or receive : Nick H. -- Technical Support Engineer wrote: : > Ive run into the exact same problem on about 8 machines now, all running : > different network cards. The network will just simply not work if I have : > IPFILTER built into the kernel. On some of the machines, I started getting : > "No route to host". This has happened on the following network cards: : > : > 3COM 3C905C : > 3COM 3C450 *yes, 450* : > Linksys LNE100TX v4 : > Linksys LNE100TX v5 : > NETGEAR Fast 100 : > Intel Pro 10/100+ : > Intel Pro 10/100/1000 (gigabit over copper) : > : > Im going to assume that since it's not on a specific card, it's not : > something with the drivers for that card. The only thing I could do was : > deinstall IPFILTER. I tried wiping the ARP tables (showed incomplete arp : > entries for all hosts) and even redoing the routing table. The only thing : > that I could get that would fix it was removing ipfiter. I have another : > 5.0-CURRENT machine (FreeBSD 5.0-CURRENT #2: Wed Jan 29 17:55:34 CST 2003 : > root@edge:/usr/obj/usr/src/sys/edge i386) that is NOT having this problem. : > It's something done fairly recently that has caused this. Im going to go : > through and see if I cant find some differences between the source for that : > version and this one: 5.0-CURRENT #1: Wed Feb 19 10:28:49 GMT 2003 : > root@ender:/usr/obj/usr/src/sys/ender i386 : > : > The second one (last one I gave uname for) is the most recent to have the : > problems. As you can see, it's source from earlier this week. There's no : > errors on dmesg nor are there any errors anywhere. It just seems that if : > IPFILTER is enabled, the network devices are completely inoperable. I know : > you're going to ask how I have the rules setup, and I have tried many : > variations. The first I tried is a DEFAULT_BLOCK using a working ruleset : > from a 4.7-R-p3 machine. After that failed, I tried doing a default allow, : > and it still did it. The only feasible way to get the machine online with : > that source is to rip out IPFILTER. Anyone having similiar issues? : > : > Any comments/suggestions would be more than welcome, as having boxes on the : > network with no firewall is just asking for trouble ;) : : Are you sure the ipfilter version of your kernel is in sync with your : userland ipfilter utility? ipf -V will show you both versions. : : Cheers, : Maxime : : To Unsubscribe: send mail to [EMAIL PROTECTED] : with "unsubscribe freebsd-current" in the body of the message : To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
