I just upgraded to 4.9-PRERELEASE on my gateway box. After rebooting, I can no longer ping or ssh into it nor will it pass packets. If I put the interface into promiscuous mode using tcpdump -i xl0, it works fine.>From rc.conf:gateway_enable="YES" firewall_enable="YES" firewall_type="OPEN>From $KERNCONF:options IPDIVERT options IPFIREWALL ipfw list says: 00050 divert 8668 ip from any to any via rl0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 65000 allow ip from any to any 65535 deny ip from any to any ifconfig xl0: xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=3<rxcsum,txcsum> inet 10.0.0.2 netmask 0xff000000 broadcast 10.255.255.255 inet6 fe80::201:2ff:feed:432c%xl0 prefixlen 64 scopeid 0x1 ether 00:01:02:ed:43:2c media: Ethernet autoselect (100baseTX <full-duplex>) status: active Anyone have an idea what is wrong? Frank -- "We will not tire, we will not falter, we will not fail." - George W. Bush
On Sat, Sep 20, 2003 at 03:12:32PM -0400, Frank Seltzer wrote:> I just upgraded to 4.9-PRERELEASE on my gateway box.Did you update kernel, modules and world? This kind of thing can happen if you e.g. forget to update the ipfw binary, or kernel module. Kris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20030920/beda89d7/attachment.bin
On Sat, 20 Sep 2003, Kris Kennaway wrote:> On Sat, Sep 20, 2003 at 03:12:32PM -0400, Frank Seltzer wrote: > > I just upgraded to 4.9-PRERELEASE on my gateway box. > > Did you update kernel, modules and world? This kind of thing can > happen if you e.g. forget to update the ipfw binary, or kernel module. > > KrisI did a make buildworld, buildkernel, installkernel, installworld and mergemaster. Frank -- "We will not tire, we will not falter, we will not fail." - George W. Bush