FreeBSD 4.9 ifconfig paralysing interface

Eli K. Breen eli at gopostal.ca
Fri Feb 6 23:38:02 PST 2004 

Synopsis:

Using ifconfig to bring down my network interface, adding an IP alias, 
and bringing this interface back up causes the non-aliased IP to cease 
to be pingable and is effectively dead (no ping, ftp, ssh etc), until 
this interface is brought down and up again.

This only occurs the first time this interface is brought up after 
adding the alias.

Is this a known problem, or just a bug?


ifconfig for the related device returns:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet 192.168.98.1 netmask 0xffffff00 broadcast 192.168.98.255
         inet6 fe80::2d0:b7ff:fe5a:cb7e%fxp0 prefixlen 64 scopeid 0x2
         inet 192.168.98.2 netmask 0xffffff00 broadcast 192.168.98.255
         ether 00:d0:b7:5a:cb:7e
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active


rc.firewall looks like this:

fwcmd="/sbin/ipfw"
#below address hidden
eip="xx.xx.xxx.xxx/32"
innet="192.168.98.0/24"
innic="fxp0"
outnic="xl0"

$fwcmd -f flush
$fwcmd add 00006 deny all from 66.220.17.0/24 to me
$fwcmd add 00006 deny all from 69.6.21.0/24 to me
$fwcmd add 00006 deny all from 64.94.110.11/32 to me
$fwcmd add 00014 deny tcp from any to any in recv any tcpflags fin,syn
$fwcmd add 00015 deny ip from any to any in recv any frag
$fwcmd add 00017 allow tcp from any to me 22 setup
$fwcmd add 00018 allow all from me to me via lo0
$fwcmd add 00019 allow all from me to any via $innic
$fwcmd add 00021 divert natd all from any to any via $outnic
$fwcmd add 00023 check-state
$fwcmd add 00024 allow tcp from any to any established
$fwcmd add 00026 allow tcp from me to any out xmit any setup keep-state
$fwcmd add 00027 allow all from me to any out xmit any keep-state
$fwcmd add 00032 allow ip from any to me keep-state via $innic
$fwcmd add 00033 allow tcp from $innet to any keep-state setup
$fwcmd add 00035 allow udp from $innet to any
$fwcmd add 00042 allow tcp from any to me 25,53,80,443,993,8098 in recv 
any setup keep-state
$fwcmd add 00043 allow udp from any to me 53,123,1024,15900,15901,18080 
in recv any keep-state
$fwcmd add 00046 allow log tcp from any to me 15900,15901,18080 in recv 
any setup keep-state
$fwcmd add 00049 allow tcp from 209.17.183.249 to me 21 in recv any 
setup keep-state
$fwcmd add 00055 allow icmp from any to any icmptypes 0,3,8,11,12,13,14
$fwcmd add 00125 allow udp from any to any 27005-27020
$fwcmd add 00127 allow udp from any 27005-27020 to any


Thanks!

-Eli

More information about the freebsd-stable mailing list