Kernel Update / IPFW not working

Thomas Sandford freebsduser at paradisegreen.co.uk
Mon Mar 7 12:12:27 UTC 2011


On 06/03/2011 14:23, Dave Johnson wrote:
> An IPFW problem when going from release to stable on 8.2
>
> Any help gladly accepted
>
> LOG ON
>
> Flushed all rules.
> 00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
> 00030 divert 8668 ip from any to any via bge0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 50000 allow ip from any to any
> Firewall rules loaded.
> Starting natd.
>
> rc.conf
> defaultrouter="192.168.0.1"
> gateway_enable="YES"
> hostname="xxx.xxx.xxx"
> ifconfig_bge0="inet 192.168.0.11 netmask 255.255.255.0"
> ifconfig_em0="inet 192.168.1.2 netmask 255.255.255.0"
> keymap="us.iso"
> moused_enable="YES"
> sshd_enable="YES"
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> natd_program="/sbin/natd"
> natd_enable="YES"
> natd_interface="bge0"
> natd_flags="-f /etc/natd.conf"
> dhcpd_enable="NO"
> dhcpd_flags="-q"
> dhcpd_conf="/usr/local/etc/dhcpd.conf"
> dhcpd_ifaces="em0"
> dhcpd_withumask="022"
>
> ... [additional config which doesn't further isolate the problem snipped] ...

It's a bug with the ipfw / natd startup scripts.

See:
http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/148137
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/148928
http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/153155

The latter has a patch to fix the problem.

