Re: IPFILTER_DEFAULT_BLOCK No route to host

2003-09-30 Thread echelon

OK, maybe it is fine to get "No route to host" when pinging 127.0.0.1/localhost if
the IPFILTER_DEFAULT_BLOCK option is set.

However, I use the following rules for the internal network interface (xl1)

# Group 9000 (internal network interface)
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 23 group 9000
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 21 group 9000
pass in quick on xl1 all group 9000

With these rules, I believe I should be able to ping and SSH to the FreeBSD box from my
internal network, no matter whether the IPFILTER_DEFAULT_BLOCK option is set or not.

However, this is true only if the IPFILTER_DEFAULT_BLOCK option is removed.

The same rules were used with IPFilter 3.4.18 on FreeBSD 4.2 and no such problem was 
encountered. 

  
Thanks.

e_chelon
--- Darren Reed [EMAIL PROTECTED] wrote:
 
 That's how it is meant to work.
 
 Good to know it's working as intended.
 
 Cheers,
 Darren
 


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


FreeBSD 4.3 stable PPPoE

2001-06-15 Thread echelon

Dear FreeBSD experts,

Can you let me know what I should do to provide enough information
for the FreeBSD developers to trace/debug/fix the PPPoE problem I experienced with
FreeBSD 4.3 stable, please?

I tried to upgrade from 4.2 stable to 4.3 stable several times after a cvsup
and a clean buildworld during the last two months (April - June 2001). 
As of today, my box still couldn't connect to my ISP via pppoe with 4.3 stable. 
I have no choice but to switch back to 4.2 stable (tcpdump on 4.2 is attached below).

In other words, I can connect to my ISP with FreeBSD 4.2 stable only. Above all,
I cannot enjoy the improvements the FreeBSD developers have made on 4.3 stable. 
I am bound to 4.2 stable.

Thank you.

-echelon

Here is the tcpdump I got:

For 4.3,
(cvsup on May 15 and before), PADI-PADO-PADR-PADS received but PADT arrived before
an IP was allocated to my box.
(cvsup on June 14), my box sent out a stream of PADI without receiving any PADO.

(tcpdump on 4.2 stable for a normal connection)

tcpdump: listening on xl0
14:37:23.765991 Broadcast 8863 32: PPPoE PADI [Host-Uniq UTF8]
14:37:25.762297 Broadcast 8863 32: PPPoE PADI [Host-Uniq UTF8]
14:37:25.765052 8863 67: PPPoE PADO [Host-Uniq UTF8] [Service-Name] [AC-Name -X-] [AC-Cookie UTF8]
14:37:25.765070 8863 67: PPPoE PADR [Host-Uniq UTF8] [AC-Cookie UTF8] [AC-Name -X-]
14:37:25.957263 8863 67: PPPoE PADS [ses 0x79eb] [Host-Uniq UTF8] [AC-Cookie UTF8] [AC-Name -X-]
14:37:25.965396 8864 60: PPPoE  [ses 0x79eb] LCP ConfReq id=0x1 auth PAP magic 0x936d062e
14:37:26.506862 8864 36: PPPoE  [ses 0x79eb] LCP ConfReq id=0x1 mru 1492 magic 0xb88717d6
14:37:26.506914 8864 36: PPPoE  [ses 0x79eb] LCP ConfAck id=0x1 auth PAP magic 0x936d062e
14:37:26.510170 8864 60: PPPoE  [ses 0x79eb] LCP ConfNak id=0x1 mru 1500
14:37:26.510294 8864 36: PPPoE  [ses 0x79eb] LCP ConfReq id=0x2 mru 1500 magic 0xb88717d6
14:37:26.513226 8864 60: PPPoE  [ses 0x79eb] LCP ConfAck id=0x2 mru 1500 magic 0xb88717d6
14:37:26.513806 8864 54: PPPoE  [ses 0x79eb] PAP 
14:37:26.707275 8864 60: PPPoE  [ses 0x79eb] PAP 
14:37:26.707818 8864 60: PPPoE  [ses 0x79eb] IPCP 
14:37:26.710496 8864 32: PPPoE  [ses 0x79eb] proto-0x80fd 
14:37:26.710550 8864 50: PPPoE  [ses 0x79eb] IPCP 
14:37:26.710598 8864 32: PPPoE  [ses 0x79eb] IPCP 
14:37:26.714876 8864 60: PPPoE  [ses 0x79eb] LCP ProtRej id=0x1 prot=PROT-0x80fd
14:37:26.716304 8864 60: PPPoE  [ses 0x79eb] IPCP 
14:37:26.717307 8864 44: PPPoE  [ses 0x79eb] IPCP 
14:37:26.721494 8864 60: PPPoE  [ses 0x79eb] IPCP 
14:37:26.722677 8864 44: PPPoE  [ses 0x79eb] IPCP 
14:37:26.728334 8864 60: PPPoE  [ses 0x79eb] IPCP 
...





To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-stable in the body of the message
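
The two failure modes described in the message above (PADT arriving before an IP was allocated, and PADI going unanswered), expressed as a check over captures in the same tcpdump layout. This is an added example, not part of the original post; the classify() function, its result labels and all three sample captures are constructed for illustration.

```python
import re

# Matches the tcpdump layout in the post: time, optional "Broadcast",
# EtherType (8863 = discovery, 8864 = session), length, "PPPoE", remainder.
LINE = re.compile(r"^\S+ (?:\S+ )?(8863|8864) \d+: PPPoE\s+(.*)$")

def classify(capture: str) -> str:
    """Return 'ok', 'padi-unanswered', 'padt-before-ipcp' or 'incomplete'."""
    seen = set()   # discovery codes observed so far
    ipcp = False   # True once any IPCP frame appears in the session stage
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ethertype, rest = m.groups()
        if ethertype == "8863":
            fields = rest.split()
            if not fields:
                continue
            code = fields[0]
            # Assumption: a PADT seen after PADS but before any IPCP frame
            # means the session ended before an address was negotiated.
            if code == "PADT" and "PADS" in seen and not ipcp:
                return "padt-before-ipcp"
            seen.add(code)
        elif re.search(r"\bIPCP\b", rest):
            ipcp = True
    if "PADI" in seen and "PADO" not in seen:
        return "padi-unanswered"
    if {"PADI", "PADO", "PADR", "PADS"} <= seen and ipcp:
        return "ok"
    return "incomplete"

# Constructed sample captures (same line format, not taken from the post).
DISCOVERY = """\
10:00:00.000001 Broadcast 8863 32: PPPoE PADI [Host-Uniq UTF8]
10:00:00.000002 8863 67: PPPoE PADO [Host-Uniq UTF8] [Service-Name]
10:00:00.000003 8863 67: PPPoE PADR [Host-Uniq UTF8] [AC-Cookie UTF8]
10:00:00.000004 8863 67: PPPoE PADS [ses 0x0001] [Host-Uniq UTF8]
10:00:00.000005 8864 60: PPPoE  [ses 0x0001] LCP ConfReq id=0x1 auth PAP
"""
NORMAL = DISCOVERY + "10:00:00.000006 8864 60: PPPoE  [ses 0x0001] IPCP \n"
EARLY_PADT = DISCOVERY + "10:00:00.000006 8863 60: PPPoE PADT [ses 0x0001]\n"
NO_PADO = "10:00:0%d.000000 Broadcast 8863 32: PPPoE PADI [Host-Uniq UTF8]\n" * 3 % (1, 3, 5)

if __name__ == "__main__":
    for name, cap in (("normal", NORMAL), ("early PADT", EARLY_PADT), ("no PADO", NO_PADO)):
        print(name, "->", classify(cap))
```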



4.3 Release: PPP problem

2001-05-01 Thread echelon

Hi,

I am writing to report that there are some problems
with the ppp on 4.3 release. My box couldn't complete
the login procedure with my DSL provider. There was no
such ppp problem before I cvsup'ed to 4.3 release from
4.3 beta. Currently, I have to cvsup back to 4.3 beta
to resolve this problem (*default date =
2001.03.20.00.00.00.00). The same problem occurs with
4.3 RC (date=2001.04.01.00.00.00.00). Hence, I suspect
this ppp (pppoe + netgraph) problem was introduced
when 4.3 beta was patched to 4.3 RC.

I use this FreeBSD box as an internet gateway, and hence
ppp, ppp nat, netgraph, sshd and ipfilter are used. The NIC
is a 3Com 3C905B. This ppp problem was resolved after I
rebuilt from the 4.3 beta source tree. The rc.conf,
kernel conf and ppp log are attached at the end.

FYI

-echelon


rc.conf: (abstract only)
gateway_enable=YES
sshd_enable=YES
ipfilter_enable=YES
ppp_enable=YES
ppp_mode=auto
ppp_nat=YES

kernel conf: (abstract only)
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET


Here is the ppp.log (abstract only)

May  1 05:30:01 host ppp[111]: Phase: bundle: Establish
May  1 05:30:01 host ppp[111]: Phase: deflink: closed - opening
May  1 05:30:01 host ppp[111]: Phase: deflink: Connected!
May  1 05:30:01 host ppp[111]: Phase: deflink: opening - dial
May  1 05:30:01 host ppp[111]: Chat: deflink: Dial attempt 1 of 1
May  1 05:30:01 host ppp[111]: Phase: deflink: dial - carrier
May  1 05:30:06 host ppp[111]: Phase: deflink: Disconnected!
May  1 05:30:06 host ppp[111]: Phase: deflink: carrier - hangup
May  1 05:30:06 host ppp[111]: Phase: deflink: Connect time: 5 secs: 0 octets in, 0 octets out
May  1 05:30:06 host ppp[111]: Phase: deflink: : 119162 packets in, 90998 packets out
May  1 05:30:06 host ppp[111]: Phase:  total 0 bytes/sec, peak 0 bytes/sec on Tue May  1 05:30:06 2001
May  1 05:30:06 host ppp[111]: Phase: deflink: hangup - closed
May  1 05:30:06 host ppp[111]: Phase: bundle: Dead
May  1 05:30:11 host ppp[111]: Phase: bundle: Establish
May  1 05:30:11 host ppp[111]: Phase: deflink: closed - opening
May  1 05:30:11 host ppp[111]: Phase: deflink: Connected!
May  1 05:30:11 host ppp[111]: Phase: deflink: opening - dial
May  1 05:30:11 host ppp[111]: Chat: deflink: Dial attempt 1 of 1
May  1 05:30:11 host ppp[111]: Phase: deflink: dial - carrier
May  1 05:30:16 host ppp[111]: Phase: deflink: Disconnected!
May  1 05:30:16 host ppp[111]: Phase: deflink: carrier - hangup
May  1 05:30:16 host ppp[111]: Phase: deflink: Connect time: 5 secs: 0 octets in, 0 octets out
May  1 05:30:16 host ppp[111]: Phase: deflink: : 119162 packets in, 90998 packets out
May  1 05:30:16 host ppp[111]: Phase:  total 0 bytes/sec, peak 0 bytes/sec on Tue May  1 05:30:16
