make buildkernel failed related to ip_divert module
John Hay
jhay at icomtek.csir.co.za
Mon Oct 25 23:35:55 PDT 2004
On Mon, Oct 25, 2004 at 10:25:44PM +0200, Andre Oppermann wrote:
> Sean McNeil wrote:
> >On Mon, 2004-10-25 at 13:13, Andre Oppermann wrote:
> >>Conrad J. Sabatier wrote:
> >>>For a further bit of clarification (I know, should have done this the
> >>>first time):
> >>>
> >>>This problem is occurring with the following kernel options:
> >>>
> >>>options IPDIVERT
> >>>options IPFILTER
> >>>options IPFILTER_LOG
> >>>
> >>>The only workaround at this time is adding "options IPFIREWALL".
> >>
> >>Yes, that is correct.
> >>
> >>IPDIVERT is a module now and you can dynamically load it just like you
> >>can load ipfw (options IPFIREWALL).
> >>
> >>IPDIVERT depends on ipfw being loaded or compiled into the kernel.
> >>
> >>I have done the last step of IPDIVERT's transition into a KLD a few
> >>minutes ago. It will warn you now if you try to compile it into a
> >>kernel without IPFIREWALL as well. As a module it will simply complain
> >>that ipfw needs to be loaded first.
> >
> >
> >I build my kernel with
> >
> >options IPFIREWALL
> >options IPFIREWALL_FORWARD
> >options IPDIVERT
> >
> >Can I now use loadable modules as well? Will IPFIREWALL have the
> >forwarding option or would I still have to specify that?
>
> You can certainly use IPDIVERT as a loadable module. The FORWARD option
> to IPFIREWALL needs to be compiled into the module if you want to load
> it as a module. For modules options in the kernel configuration file
> are not automatically included. You have to edit sys/modules/ipfw/Makefile
> instead. Then you can load everything as module. If you start natd from
> rc.conf it will load ipdivert.ko automatically (if you have run mergemaster
> to update your rc scripts).
Is there any harm in making IPFIREWALL_FORWARD default for the ipfw
module? For that matter, why have a separate FORWARD option and not
just have it as part of the standard firewall stuff?
And related to this, is there a problem with kern/71910? This one is
needed on a NAT box that have to forward packets to a web proxy for
transparent proxying.
John
--
John Hay -- John.Hay at icomtek.csir.co.za / jhay at FreeBSD.org
More information about the freebsd-current
mailing list