IPFILTER_DEFAULT_BLOCK & No route to host

From: echelon (e_chelon_at_yahoo.com)
Date: 09/30/03

  • Next message: Jason: "Re: IPFILTER_DEFAULT_BLOCK & No route to host" 
    Date: Mon, 29 Sep 2003 20:27:35 -0700 (PDT)
To: freebsd-stable@freebsd.org, freebsd-security@freebsd.org

    Hi,

    After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
    with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.

    In addition, the machine cannot ping itself.

    ping localhost (or 127.0.0.1) -> no route to host
    ping itself with its own ip address -> no route to host

    The freebsd box, with an external pppoe connection, is configured as a gateway with nat.
    Interestingly, all machines on the lan can access the internet via the freebsd box normally even
    though the freebsd box cannot be ping'd from these machines.

    The routing table is fine. All these problems go away if I remove the option
    IPFILTER_DEFAULT_BLOCK from the kernel conf. I make clean before buildworld/kernel.

    Thank you.
    e_chelon

    __________________________________
    Do you Yahoo!?
    The New Yahoo! Shopping - with improved product search
    http://shopping.yahoo.com
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Jason: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"

    Relevant Pages