The FreeBSD Diary

Providing practical examples since 1998


Article Feedback - NetSaint - a network monitor
 Was it the ipf kernel option?
Author: Danny 
Date:   22-09-01 14:28

I did almost the same thing the other day. I also built world and kernel (through make buildkernel KERNCONF=XYZ) and then installed over NFS on my firewall box. Same problem, although I never use kernel option default block for ipfilter. I don't see any merit in doing so; after all, who would use a firewall with no rules?

I.M.H.O., as indicated in the article, the problem has something to do with kernel and world being out of sync. What saved the day was not changing an ipf kernel option but rather merely compiling a new kernel (the old fashioned way, make config, make depend, etc). I realised that when dmesg didn't work either. The moral: when upgrading world, compile and install a GENERIC kernel first. That one will work, custom kernels might not. Then after installworld and mergemaster install the custom kernel. Yes, I know, this is also the method recommended in the Handbook, but we all try to cut corners, don't we ;-)

Where exactly the difference lies, I don't know. I suspect the automated make depend step when using buildkernel. Any comments?

P.S.
Before the upgrade I used a custom rc.ipfilter script to start ipf, ipnat and ipmon from. Here's a tip when using ipf with the rc.network script (unmodified): the ipmon_flags default to -Ds (D = run as daemon); setting it to -s only, like I did before, will keep your shell occupied when booting, making it look like the box hangs during boot. Also, by setting ipnat_flags to "> /dev/null" you can get rid of the ugly ipnat output during boot.

Greetings,
Danny

 Re: Was it the ipf kernel option?
Author: Dan Langille 
Date:   22-09-01 16:55

Ahhh, *click*

There will be a difference between the old GENERIC and the new GENERIC......

But in my case, yes, it was the custom kernel which locked me out of the box. Everything else, AFAIK, was functioning correctly.
