ipfilter package is broken ? - SGI

This is a discussion on ipfilter package is broken ? - SGI ; Hello, I tryed to install on 6.5.20m the ipfilter package provided on http://www.sgi.com/products/evaluati...filter_3.4.27/ when I reboot the system after installation the system hangs and I have to enter in single user mode and delete the ipfilter package if I Want ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: ipfilter package is broken ?

  1. ipfilter package is broken ?


    Hello,
    I tryed to install on 6.5.20m the ipfilter package provided
    on
    http://www.sgi.com/products/evaluati...filter_3.4.27/

    when I reboot the system after installation the system hangs
    and I have to enter in single user mode and delete the
    ipfilter package if I Want to be able to boot up IRIX
    again.
    I do not know what is wrong with that... but it does not work.
    I do not have the mips pro compiler so I cannot compile
    ipfilter myself.
    Does anyone has a working ipfilter packages precompiled
    and working with 6.5.20 ?
    thank you very much

    Rick


  2. Re: ipfilter package is broken ?

    RJ45 writes:
    > I tryed to install on 6.5.20m the ipfilter package provided
    > on
    > http://www.sgi.com/products/evaluati...filter_3.4.27/
    >
    > when I reboot the system after installation the system hangs
    > and I have to enter in single user mode and delete the
    > ipfilter package if I Want to be able to boot up IRIX
    > again.
    > I do not know what is wrong with that... but it does not work.
    > I do not have the mips pro compiler so I cannot compile
    > ipfilter myself.
    > Does anyone has a working ipfilter packages precompiled
    > and working with 6.5.20 ?
    > thank you very much


    I have an ipfilter 3.4.27 setup in 6.5.22m that works just fine.
    You might first investigate on some topics to gather more information:

    What hardware are you using?
    Have you checked verbose boot messages? "chkconfig | grep verbose"
    What boot messages does ipfilter produce?
    What does "chkconfig | grep ipfilter" tell you?
    Can you tell at which point in the boot process the system hangs?
    Is the system still reachable from the network (ping, ssh, nfs ...)?
    Could you post the contents of /etc/ipf.conf?
    When ipfilter is installed and you have booted to single user, what
    output does ipf -V give?
    Could you list the subsystems from the ipfilter distribution that you
    actually installed? "showprods ipfilter"

    In my case it's an IP22.

    showprods ipfilter output:
    I = Installed, R = Removed

    Name Date Description

    I ipfilter 04/12/2004 IPFilter 3.4.27
    I ipfilter.books 04/12/2004 IPFilter Books
    I ipfilter.books.IPFilter_UG 04/12/2004 IPFilter Firewall User's Guide
    I ipfilter.man 04/12/2004 IPFilter Documentation
    I ipfilter.man.doc 04/12/2004 Documentation
    I ipfilter.man.man 04/12/2004 Man Pages
    I ipfilter.man.relnotes 04/12/2004 Release Notes
    I ipfilter.sw 04/12/2004 IPFilter Software
    I ipfilter.sw.base 04/12/2004 Kernel Module and Tools

    ipf -V output:
    ipf: IPFilter: v3.4.27 (328)
    Kernel: IPFilter: v3.4.27
    Running: yes
    Log Flags: 0 = none set
    Default: pass all, Logging: available
    Active list: 0



    There are some other things worth checking, but I think answers to the
    above questions should give us a better idea of what is going wrong.

    Because you can go to single user, it seems to me that the kernel module
    is included successfully.

    Thomas Jahns
    --
    "Computers are good at following instructions,
    but not at reading your mind."
    D. E. Knuth, The TeXbook, Addison-Wesley 1984, 1986, 1996, p. 9

  3. Re: ipfilter package is broken ?

    > Hello,
    > I tryed to install on 6.5.20m the ipfilter package provided
    > on
    > http://www.sgi.com/products/evaluati...filter_3.4.27/
    >
    > when I reboot the system after installation the system hangs
    > and I have to enter in single user mode and delete the
    > ipfilter package if I Want to be able to boot up IRIX
    > again.
    > I do not know what is wrong with that... but it does not work.
    > I do not have the mips pro compiler so I cannot compile
    > ipfilter myself.
    > Does anyone has a working ipfilter packages precompiled
    > and working with 6.5.20 ?
    > thank you very much


    First of all, I recommend you sign up to the IPFilter mailing list. The
    instructions are @ http://coombs.anu.edu.au/~avalon/

    Next, go to 3.4.33, or at least 3.4.29. 3.4.33 is the latest 3.4.x stable
    version, with many fixes introduced. I've been running it for a long time
    without problems (albeit on Solaris7 SPARC). Don't fall into the trap of
    going for 4.1.x, because it still has a lot of problems with pfil to be
    ironed out.

    You don't need the MIPSPro C compiler to compile IPFilter; gcc will do.
    As always, don't run `make install`, but package it into a (tar)dist
    instead!



  4. Re: ipfilter package is broken ?


    compiling with gcc nothing works...

    /usr/include/netinet/tcp_var.h:269: error: field `t_lnk6' has incomplete
    type
    /usr/include/netinet/tcp_var.h:271: error: field `t_template6' has
    incomplete type

    gcc version 3.3

    thanks

    Rick

    On 2004-07-30, UNIX admin wrote:
    >> Hello,
    >> I tryed to install on 6.5.20m the ipfilter package provided
    >> on
    >> http://www.sgi.com/products/evaluati...filter_3.4.27/
    >>
    >> when I reboot the system after installation the system hangs
    >> and I have to enter in single user mode and delete the
    >> ipfilter package if I Want to be able to boot up IRIX
    >> again.
    >> I do not know what is wrong with that... but it does not work.
    >> I do not have the mips pro compiler so I cannot compile
    >> ipfilter myself.
    >> Does anyone has a working ipfilter packages precompiled
    >> and working with 6.5.20 ?
    >> thank you very much

    >
    > First of all, I recommend you sign up to the IPFilter mailing list. The
    > instructions are @ http://coombs.anu.edu.au/~avalon/
    >
    > Next, go to 3.4.33, or at least 3.4.29. 3.4.33 is the latest 3.4.x stable
    > version, with many fixes introduced. I've been running it for a long time
    > without problems (albeit on Solaris7 SPARC). Don't fall into the trap of
    > going for 4.1.x, because it still has a lot of problems with pfil to be
    > ironed out.
    >
    > You don't need the MIPSPro C compiler to compile IPFilter; gcc will do.
    > As always, don't run `make install`, but package it into a (tar)dist
    > instead!
    >
    >


  5. Re: ipfilter package is broken ?


    system hangs when the ipf kernel module is loaded

    on the screen is just writen

    IPF

    and nothing more happens

    system is not pingable it is really blocked

    thanks

    Rick

    On 2004-07-30, UNIX admin wrote:
    >> Hello,
    >> I tryed to install on 6.5.20m the ipfilter package provided
    >> on
    >> http://www.sgi.com/products/evaluati...filter_3.4.27/
    >>
    >> when I reboot the system after installation the system hangs
    >> and I have to enter in single user mode and delete the
    >> ipfilter package if I Want to be able to boot up IRIX
    >> again.
    >> I do not know what is wrong with that... but it does not work.
    >> I do not have the mips pro compiler so I cannot compile
    >> ipfilter myself.
    >> Does anyone has a working ipfilter packages precompiled
    >> and working with 6.5.20 ?
    >> thank you very much

    >
    > First of all, I recommend you sign up to the IPFilter mailing list. The
    > instructions are @ http://coombs.anu.edu.au/~avalon/
    >
    > Next, go to 3.4.33, or at least 3.4.29. 3.4.33 is the latest 3.4.x stable
    > version, with many fixes introduced. I've been running it for a long time
    > without problems (albeit on Solaris7 SPARC). Don't fall into the trap of
    > going for 4.1.x, because it still has a lot of problems with pfil to be
    > ironed out.
    >
    > You don't need the MIPSPro C compiler to compile IPFilter; gcc will do.
    > As always, don't run `make install`, but package it into a (tar)dist
    > instead!
    >
    >


  6. Re: ipfilter package is broken ?

    > compiling with gcc nothing works...
    >
    > /usr/include/netinet/tcp_var.h:269: error: field `t_lnk6' has incomplete
    > type
    > /usr/include/netinet/tcp_var.h:271: error: field `t_template6' has
    > incomplete type
    >
    > gcc version 3.3


    This is definitely one for the mailing list and one for Darren. If anybody,
    he'll have at least a vague idea of what is going on, and he'll probably
    provide a patch for it. He may also have you do some testing with
    recompilation of the source code after patch(es) has(have) been introduced.



  7. Re: ipfilter package is broken ?

    > system hangs when the ipf kernel module is loaded
    >
    > on the screen is just writen
    >
    > IPF
    >
    > and nothing more happens
    >
    > system is not pingable it is really blocked
    >
    > thanks


    I believe that on IRIX IPF is implemented as an LKM (someone correct me if
    I'm wrong), and from what I've read on the IPF homepage, there are issues
    with that.



+ Reply to Thread