On Thu, Mar 06, 2003 at 09:54:56AM -0300, Daniel C. Sobral wrote:
> IIRC, 5.0-R has reverse name resolution for sshd (which is _always_ 
> done, because of PAM, I think, no matter what the configuration file
> says) run chrooted in /var/empty. Well, the problem with that is that, by
> default (i.e., in the absence of any configuration in /var/empty/etc)
> 127.0.0.1 is searched first, and if you have blackhole enabled (or 
> equivalent firewall rules), it takes a LONG time for it to realize no 
> answer is coming.
I had a slightly different version of "cannot ssh into the box".
With IPFILTER enabled in the kernel (firewall_enable=no and default to allow all),
all connections inbound and outbound dropped into the blackhole.

I found this because I managed to log into the box 'before' IPFILTER gets loaded and 
no connection after that could go through. So if the original author is still on the 
thread, could you try to log in 'while the machine boots' and see if by any chance it
could work?


Jiawei     


-- 
"Without the userland, the kernel is useless."
                                     --inspired by The Tao of Programming
