From nobody@FreeBSD.org  Fri Jan 11 20:14:28 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 3BD3E37B419
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 11 Jan 2002 20:14:28 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0C4ESb32318;
	Fri, 11 Jan 2002 20:14:28 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200201120414.g0C4ESb32318@freefall.freebsd.org>
Date: Fri, 11 Jan 2002 20:14:28 -0800 (PST)
From: Gary <gary@outloud.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw bug/problem 
X-Send-Pr-Version: www-1.0

>Number:         33804
>Category:       kern
>Synopsis:       ipfw bug/problem
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 11 20:20:01 PST 2002
>Closed-Date:    Sun Jun 29 09:31:33 PDT 2003
>Last-Modified:  Sun Jun 29 13:50:14 PDT 2003
>Originator:     Gary
>Release:        4.5-RC
>Organization:
outloud.org
>Environment:
>Description:
On FreeBSD 4.3-STABLE, I could perform the following ipfw rules without problem.

208.141.46.11 is the actual interface, not a virtual IP. 208.141.46.249 is an aliased IP. The actual problem is, in fact, identd not working. When I set this type of firewall ruleset up on the older versions, identd was running out of inetd.conf, as user root. I was able to force users not to abuse my hosts, and still permit identd to work for me. As of 4.4-RELEASE/4.5-RC, this same setup causes identd to stop working. I don't know what has changed since then; I was browsing the CVS archive, and I can't seem to find a problem.



$fwcmd add permit ip from 208.141.46.249 to any gid ancient
$fwcmd add permit ip from 208.141.46.11 to any gid ancient
$fwcmd add permit ip from any to any uid nobody
$fwcmd add permit ip from any to any uid root
$fwcmd add deny log ip from 208.141.46.249 to any



>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:

From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Gary <gary@outloud.org>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/33804: ipfw bug/problem
Date: Sat, 12 Jan 2002 01:34:17 -0800

 On Fri, Jan 11, 2002 at 08:14:28PM -0800, Gary wrote:
 [snip]
 
 > On FreeBSD 4.3-STABLE, I could perform the following ipfw rules without problem.
 > 
 > 208.141.46.11 is the actual interface, not a virtual IP. 208.141.46.249 is an aliased IP. The actual problem is, in fact, identd not working. When I set this type of firewall ruleset up on the older versions, identd was running out of inetd.conf, as user root. I was able to force users not to abuse my hosts, and still permit identd to work for me. As of 4.4-RELEASE/4.5-RC, this same setup causes identd to stop working. I don't know what has changed since then; I was browsing the CVS archive, and I can't seem to find a problem.
 > 
 > 
 > 
 > $fwcmd add permit ip from 208.141.46.249 to any gid ancient
 > $fwcmd add permit ip from 208.141.46.11 to any gid ancient
 > $fwcmd add permit ip from any to any uid nobody
 > $fwcmd add permit ip from any to any uid root
 > $fwcmd add deny log ip from 208.141.46.249 to any
 
 Why do you think the problem is firewall related? What auth packets
 are being logged by that last entry?
 -- 
 "It's always funny until someone gets hurt. Then it's hilarious."
 
 Crist J. Clark                     |     cjclark@alum.mit.edu
                                    |     cjclark@jhu.edu
 http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
State-Changed-From-To: open->feedback 
State-Changed-By: johan 
State-Changed-When: Tue May 6 12:57:02 PDT 2003 
State-Changed-Why:  
Is this still a problem? 


Responsible-Changed-From-To: freebsd-bugs->ipfw 
Responsible-Changed-By: johan 
Responsible-Changed-When: Tue May 6 12:57:02 PDT 2003 
Responsible-Changed-Why:  
Over to maintainer group. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33804 
State-Changed-From-To: feedback->closed 
State-Changed-By: luigi 
State-Changed-When: Sun Jun 29 09:30:01 PDT 2003 
State-Changed-Why:  
feedback was requested over 1 yr ago. 
Assuming the problem still persists, the poster can 
resubmit a PR. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=33804 

From: Gary Stanley <gary@outloud.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/33804: ipfw bug/problem
Date: Sun, 29 Jun 2003 16:46:13 -0400

 Fixed sometime within the last year.
 
 Please close. :)
 
 
>Unformatted:
