We have not tried as new as b134. As soon as we get a few other things straigtened up, we will set up that test on a spare PC.
I have tested this on a box without ipv4-forwarding and without using ipf and it did the same thing. I also even unloaded the ipf kernel module and was able to still reproduce the error. I enabled ipv4-forwarding via SMF on svc:network/ipv4-forwarding Here are my firewall rules: The server the opensolaris box is replacing was a NetBSD 2.0 that also ran ipf for firewalling so these rules were just copied. block in on igb0 proto tcp/udp from any to any port <= 1024 block in on igb0 proto tcp/udp from any to any port = nfs block in on igb0 proto tcp/udp from any to any port = 3306 block in on igb0 proto tcp/udp from any to any port = 1717 block in on igb0 proto tcp/udp from any to any port = 62579 block in on igb0 proto tcp/udp from any to any port = 2401 pass in on igb0 proto tcp from any to any port = 25 pass in on igb0 proto tcp from any to any port = 21 pass in on igb0 proto tcp from any to any port = 20 pass in on igb0 proto tcp from any to any port = 22 pass in on igb0 proto tcp from any to any port = 80 pass in on igb0 proto tcp from any to any port = 443 pass in on igb0 proto tcp from any to any port = 993 pass in on igb0 proto udp from any to any port = 69 pass in on igb0 from 67.40.67.0/255.255.248.0 block in log on igb3 proto tcp from any to !192.168.0.0/255.255.255.0 port = 25 block in log on igb3 proto icmp from 192.168.0.0/255.255.0.0 to 10.0.0.0/255.0.0.0 #block in on igb0 from any to 166.211.162.0/255.255.255.0 # this guy tried multiple times per second to login as root via ssh block in on igb0 from 209.25.178.53 to any # DoS FTP downloads block in on igb0 from 64.223.94.200 to any # trying to login forever on FTP as administrator (both of these bozos) 10/9/2006 block in on igb0 from 211.137.77.206 to any block in on igb0 from 61.178.185.124 to any block in on igb0 from 211.234.125.17 to any # login on FTP as Administrator block in on igb0 from 203.255.14.222 to any block in on igb0 from 81.83.10.201 to any # DoS FTP logins block in on igb0 from 203.99.178.49 to any block in on igb0 from 67.19.239.68 to any # Big time spammer 12/23/08 block in on igb0 from 217.21.49.220 to any # DoS FTP 2/13/09 block in log on igb0 from 218.75.223.123 to any # DoS FTP 8/14/09 block in log on igb0 from 202.28.186.3 to any # DoS FTP 9/15/09 block in log on igb0 from 161.246.25.222 to any # DoS FTP 10/14/09 block in log on igb0 from 221.182.46.71 to any # DoS FTP 10/21/09 block in log on igb0 from 201.22.177.122 to any # DoS FTP 11/13/09 block in log on igb0 from 198.190.230.62 to any # DoS FTP 11/19/09 block in log on igb0 from 84.122.155.179 to any -- This message posted from opensolaris.org _______________________________________________ networking-discuss mailing list networking-discuss@opensolaris.org
