ipfw2 broken in -current?
Ruslan Ermilov
ru at freebsd.org
Sat May 24 10:53:54 PDT 2003
On Fri, May 23, 2003 at 10:20:30PM -0700, Jason Dambrosio wrote:
> # ipfw show
> 65535 2875 1377389 deny ip from any to any
> # ping lava.net
> PING lava.net (64.65.64.17): 56 data bytes
> 64 bytes from 64.65.64.17: icmp_seq=0 ttl=242 time=58.529 ms
> # ipfw add 100 divert natd ip from any to any via bge0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> ipfw: opcode 50 size 1 wrong
> # uname -a
> FreeBSD test-server 5.1-BETA FreeBSD 5.1-BETA #12: Fri May 23 18:11:41 HST 2003
>
> I have:
>
> options IPDIVERT
> options IPSTEALTH
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=0
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> and
>
> sysctl net.inet.ip.forwarding=1
> sysctl net.inet.ip.fastforwarding=1
> sysctl net.inet.ip.stealth=1
>
grep ipfw /var/run/dmesg.boot, if it says "divert disabled"
it means that you forgot to recompile/reinstall your kernel
properly with the "options IPDIVERT".
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
ru at sunbay.com Sunbay Software AG,
ru at FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age