Subject: routing to localhost - msg#00075

Previous Message by Date: click to view message preview

Re: clarification on /etc/rc.firewall ("in via ..." commands etc.)

Luigi Rizzo wrote: Hi, I was looking at /etc/rc.firewall, and noticed that there is a number of rules with "... in via $ifname". Looking at the ipfw1 code: + "in" only matches if a packet has a receive interface associated with it. + "via $ifname" matches 1) the xmit interface is one is associated with the packet, or 2) the receive interface if one is associated with the packet, or 3) it fails if no interfaces are associated with the packet. So, my first question is where in our protocol stack we can have packets with neither receive or xmit interfaces; The second question is whether the sequence "in via $ifname" should be replaced by "in recv $ifname" (which is in my opinion makes it more clear which traffic is being matched. On a slightly tangential note, isn't it still the case that a packet that gas been returned by natd (or any divert daemon) has lost any knowledge of its "in recv" interface? _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Next Message by Date: click to view message preview

Re: routing to localhost

Fixed. I wasn't aware I needed network_interfaces="rl0 lo0" in /etc/rc.conf. I realize they're not needed at all now. On July 16, 2003 12:51 pm, Patrick C wrote: > For reasons unknown, any connections to localhost -- tcp, icmp, or udp -- > are all originating from my external interface, rl0: > > > $ telnet localhost 25 > Trying ::1... > Trying 127.0.0.1... > telnet: connect to address 127.0.0.1: Can't assign requested address > telnet: Unable to connect to remote host > > IPFW log: > Jul 16 12:46:43 octo ipfw: 100 Accept TCP 192.168.1.119:1434 127.0.0.1:25 > out via rl0 > > > $ ping localhost > PING localhost (127.0.0.1): 56 data bytes > ping: sendto: Can't assign requested address > > > $ netstat -rn > Routing tables > > Internet: > Destination Gateway Flags Refs Use Netif Expire > default 192.168.1.1 UGSc 29 198 rl0 > 172.16.0.1 00:50:bf:5a:ec:b0 UHLW 0 74 lo0 => > 172.16.0.1/32 link#1 UC 1 0 rl0 > 172.16.0.2 00:50:bf:5a:ec:b0 UHLW 0 524 lo0 => > 172.16.0.2/32 link#1 UC 1 0 rl0 > 172.16.0.3/32 link#1 UC 0 0 rl0 > 192.168.1 link#1 UC 2 0 rl0 > 192.168.1.1 00:06:25:82:82:49 UHLW 30 12 rl0 1189 > 192.168.1.119 00:50:bf:5a:ec:b0 UHLW 0 20 lo0 > > > I notice there is no way entry for 127.0.0.1. How can I add one? > _______________________________________________ > freebsd-stable@xxxxxxxxxxx mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx" _______________________________________________ freebsd-stable@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"

Previous Message by Thread: click to view message preview

clarification on /etc/rc.firewall ("in via ..." commands etc.)

Hi, I was looking at /etc/rc.firewall, and noticed that there is a number of rules with "... in via $ifname". Looking at the ipfw1 code: + "in" only matches if a packet has a receive interface associated with it. + "via $ifname" matches 1) the xmit interface is one is associated with the packet, or 2) the receive interface if one is associated with the packet, or 3) it fails if no interfaces are associated with the packet. So, my first question is where in our protocol stack we can have packets with neither receive or xmit interfaces; The second question is whether the sequence "in via $ifname" should be replaced by "in recv $ifname" (which is in my opinion makes it more clear which traffic is being matched. cheers luigi _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Next Message by Thread: click to view message preview

Re: routing to localhost

Fixed. I wasn't aware I needed network_interfaces="rl0 lo0" in /etc/rc.conf. I realize they're not needed at all now. On July 16, 2003 12:51 pm, Patrick C wrote: > For reasons unknown, any connections to localhost -- tcp, icmp, or udp -- > are all originating from my external interface, rl0: > > > $ telnet localhost 25 > Trying ::1... > Trying 127.0.0.1... > telnet: connect to address 127.0.0.1: Can't assign requested address > telnet: Unable to connect to remote host > > IPFW log: > Jul 16 12:46:43 octo ipfw: 100 Accept TCP 192.168.1.119:1434 127.0.0.1:25 > out via rl0 > > > $ ping localhost > PING localhost (127.0.0.1): 56 data bytes > ping: sendto: Can't assign requested address > > > $ netstat -rn > Routing tables > > Internet: > Destination Gateway Flags Refs Use Netif Expire > default 192.168.1.1 UGSc 29 198 rl0 > 172.16.0.1 00:50:bf:5a:ec:b0 UHLW 0 74 lo0 => > 172.16.0.1/32 link#1 UC 1 0 rl0 > 172.16.0.2 00:50:bf:5a:ec:b0 UHLW 0 524 lo0 => > 172.16.0.2/32 link#1 UC 1 0 rl0 > 172.16.0.3/32 link#1 UC 0 0 rl0 > 192.168.1 link#1 UC 2 0 rl0 > 192.168.1.1 00:06:25:82:82:49 UHLW 30 12 rl0 1189 > 192.168.1.119 00:50:bf:5a:ec:b0 UHLW 0 20 lo0 > > > I notice there is no way entry for 127.0.0.1. How can I add one? > _______________________________________________ > freebsd-stable@xxxxxxxxxxx mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx" _______________________________________________ freebsd-stable@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"