Kernel Update / IPFW not working

Michael Scheidell michael.scheidell at secnap.com
Sun Mar 6 15:12:50 UTC 2011


Might be an ipv6 issue.  Try divert ipv4 not ip.

--
Michael Scheidell
CTO SECNAP Network Security
561-948-2259


-----Original message-----
From: Dave Johnson <ctfreebsd at gmail.com>
To: "freebsd-ipfw at freebsd.org" <freebsd-ipfw at freebsd.org>, "freebsd-stable at freebsd.org" <freebsd-stable at freebsd.org>
Sent: Sun, Mar 6, 2011 14:56:12 GMT+00:00
Subject: Kernel Update / IPFW not working

Hi all


An IPFW problem when going from release to stable on 8.2

Any help gladly accepted

LOG ON

Flushed all rules.
00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00030 divert 8668 ip from any to any via bge0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
50000 allow ip from any to any
Firewall rules loaded.
Starting natd.

rc.conf
defaultrouter="192.168.0.1"
gateway_enable="YES"
hostname="xxx.xxx.xxx"
ifconfig_bge0="inet 192.168.0.11 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.1.2 netmask 255.255.255.0"
keymap="us.iso"
moused_enable="YES"
sshd_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="bge0"
natd_flags="-f /etc/natd.conf"
dhcpd_enable="NO"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="em0"
dhcpd_withumask="022"

natd.conf

interface bge0
use_sockets yes
same_ports yes
log
#redirect_port tcp 192.168.1.189:3389 3389
#redirect_port tcp 192.168.1.53:5500 5500

#!/bin/sh
# /etc/rc.firewall, the file named by firewall_script in rc.conf above

# -f: flush without asking for confirmation
/sbin/ipfw -f flush
/sbin/ipfw -f pipe flush

#Nat Rules
# loopback first, then hand everything crossing the outside interface to natd
/sbin/ipfw add 10 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
/sbin/ipfw add 30 divert natd all from any to any via bge0

#Forward to Transparent Proxy Server
#/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80
#/sbin/ipfw add 10010 fwd 127.0.0.1,3128 tcp from 10.0.21.2 to any 80

# fwd is only accepted by an 8.x kernel built with options IPFIREWALL_FORWARD
# (not present in the KERNEL list below); ipfw reports EINVAL otherwise
/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80

# catch-all; the kernel is default-to-accept anyway
/sbin/ipfw add 50000 allow ip from any to any

KERNEL

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=5
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET

Regards
_______________________________________________
freebsd-ipfw at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
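A note on the boot log in the post: ipfw echoes a rule only after the kernel accepted it, so rules 10, 30 and 50000 are printed, one add fails with "Invalid argument" between 30 and 50000, and rule 10001 (the fwd to the proxy) never appears. rc.firewall does not stop on that error, and the kernel is built with IPFIREWALL_DEFAULT_TO_ACCEPT, so the loss is silent: port 80 traffic that was meant to go through the proxy falls through to the default-accept rule 65535. The following is an added example, not part of the thread and not a FreeBSD tool: a Python script that parses that "ipfw add" echo (or plain `ipfw list` output, which has the same number-then-action layout) against the rule numbers the script intended and reports what is missing. The function and constant names are my own; the log lines and rule list embedded in it are copied from the post.

```python
"""Audit what ipfw actually loaded against what rc.firewall tried to add."""
import re
import sys

# Constructed from the rc.firewall script in the post: (rule number, rule body).
INTENDED_RULES = [
    (10, "allow ip from 127.0.0.1 to 127.0.0.1 via lo0"),
    (30, "divert natd all from any to any via bge0"),
    (10001, "fwd 127.0.0.1,3128 tcp from any to any 80"),
    (50000, "allow ip from any to any"),
]

# Constructed copy of the boot log lines quoted in the post.
BOOT_LOG = """\
Flushed all rules.
00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00030 divert 8668 ip from any to any via bge0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
50000 allow ip from any to any
Firewall rules loaded.
"""

# A rule as echoed by 'ipfw add' or printed by 'ipfw list': number, optional
# packet/byte counters (from 'ipfw -a list'), then the action keyword.
RULE_LINE = re.compile(r"^\s*(\d{1,5})(?:\s+\d+\s+\d+)?\s+([a-z_]+)(?:\s|$)")
# The only trace a rejected rule leaves; ipfw prints the errno and carries on.
ERROR_LINE = re.compile(r"^ipfw: getsockopt\(IP_FW_ADD\): (.+)$")

# Actions whose loss changes where traffic goes; under a default-accept kernel
# the packet is simply passed by the implicit rule 65535 instead.
DISPOSITION_ACTIONS = {"deny", "reject", "unreach", "fwd", "forward", "divert", "tee"}


def parse_ipfw_output(text):
    """Return (accepted, errors).

    accepted: rule number -> action keyword, one entry per echoed rule.
    errors:   (last accepted rule number before the error, errno text).
    """
    accepted = {}
    errors = []
    last = None
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            last = int(m.group(1))
            accepted[last] = m.group(2)
            continue
        m = ERROR_LINE.match(line)
        if m:
            errors.append((last, m.group(1)))
    return accepted, errors


def missing_rules(intended, accepted):
    """Intended rules the kernel never accepted, in ruleset order."""
    return [(num, body) for num, body in intended if num not in accepted]


def fail_open_rules(missing):
    """Missing rules whose absence lets traffic through that the ruleset meant
    to redirect, NAT or block."""
    return [(num, body) for num, body in missing
            if body.split()[0] in DISPOSITION_ACTIONS]


def audit(intended, output):
    """Human-readable findings; an empty list means every intended rule loaded."""
    accepted, errors = parse_ipfw_output(output)
    findings = []
    for after, errno in errors:
        where = f"after rule {after}" if after is not None else "before any rule"
        findings.append(f"kernel rejected an add {where}: {errno}")
    missing = missing_rules(intended, accepted)
    for num, body in missing:
        findings.append(f"rule {num} not loaded: {body}")
    for num, body in fail_open_rules(missing):
        findings.append(f"rule {num} ({body.split()[0]}) is absent; matching traffic "
                        "falls through to the default-accept rule 65535")
    return findings


if __name__ == "__main__":
    # Usage: python ipfw_audit.py [file]  (file: saved boot log or 'ipfw list' output)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BOOT_LOG
    findings = audit(INTENDED_RULES, text)
    print("\n".join(findings) if findings else "all intended rules loaded")
    sys.exit(1 if findings else 0)
```

Run with no argument it audits the embedded copy of the posted log; point it at a saved boot log or at `ipfw list` output and it exits 1 whenever an intended rule is absent, which is the check to gate on before trusting a gateway that has just reloaded its ruleset.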