ipdivert rule will not load
freebsd at stateautomation.com
freebsd at stateautomation.com
Thu Jul 1 03:08:09 PDT 2004
> freebsd at stateautomation.com schrieb:
>
> > ipfw will not accept a DIVERT rule. e.g the rule I am trying to add is..
>
> > ipfw add 3000 divert 8668 ip from any to any via sis0
> > The response I get is... ipfw: getsockopt(IP_FW_ADD): Invalid argument
> > I have built a custom kernel with the following optional lines
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT
> > options IPDIVERT
> > Does anyone know why the system will not accept the divert rule?
> Thankyou.
>
J.S.
> The options seem to be correct, however the error message indicates
> the lack of 'divert' in the kernel. Are you sure you properly
> built and *installed* your custom kernel? Check the output of
> 'dmesg | grep divert', you should see '... divert enabled...',
> otherwise something went wrong with your kernel build.
>
> Thomas
>
>
Thomas, you are right - thankyou. The output of "dmesg | grep
divert" shows that divert is disabled.
kldstat also shows that the loadable module ipfw.ko is loaded which
suggests that that may
be stopping ipfw being loaded in the main kernel (and therefore
divert sockets not being available -
I read this in a post in the archives).
Does anyone know where to look to see where the loadable module
ipfw.ko may be getting loaded?
Is there a way I can grep for the pattern ipfw.ko from the /
directory so that it will look for a match on my entire file system? When I
use grep -r -i ipfw.ko /* |more (to search my entire filesystem from the /
directory)
I get the response grep: memory exhausted (I have 256MB RAM).
Thanks for any responses.
Regards,
J.S.
More information about the freebsd-ipfw
mailing list