ipfw size mismatch? Revised
Thomas S. Crum
tscrum at 1wisp.com
Tue Oct 14 09:10:34 PDT 2003
Thanks Ben, it worked like a charm. IPFW2 and dummynet, can't wait! :)
Tom
-----Original Message-----
From: unix at usww.com [mailto:unix at usww.com]
Sent: Monday, October 13, 2003 11:55 PM
To: Thomas S. Crum; unix at usww.com
Subject: Re: ipfw size mismatch? Revised
I hate it when a patch comes out and then a revision. Well this is
not a patch but I made a couple typos in kernel name.
Sorry about that.
Ben Bentsen
USWW Systems
706-547-0087
######## Prev Email ##########
I use 4.8 also and had a problem. The following email came in and
it worked with the standard release of ipfw2.c. I could not get any
of the newer ipfw2.c to properly compile. I sent off an email to
the ipfw group but have had no response. I already had the src's
on my drives.
Subject: RES: ipfw2 with FreeBSD 4.7-Release
Date: Fri, 10 Oct 2003 08:20:33 -0300
From: Renato Barreto <renato_barreto at banrisul.com.br>
To: "'freebsd-ipfw at freebsd.org'" <freebsd-ipfw at freebsd.org>
CC: "'traore at afribone.net.gn'" <traore at afribone.net.gn>
Hi,
To do this run /stand/sysinstall (as root), choose Configure ->
Distributions, then src, and then lib, sbin and sys.
To compile libalias:
cd /usr/src/lib/libalias
make -DIPFW2
make install
To compile ipfw:
cd /usr/src/sbin/ipfw
make -DIPFW2
make install
Build a Kernel with:
cd /usr/src/sys/i386/conf
options IPFW2
# Renato
##### End of Email
##### Beginning of what I personally did in addition to the email
#################################################################
I personally used the following to compile the kernel
# cd /usr/src/sys/i386/conf
# cp GENERIC USWW48-1
# ee USWW48-1 and added options IPFW2
# /usr/sbin/config USWW48-1
# cd ../../compile/USWW48-1
# make depend
# make
# make install
And it worked
Additionally I made the following changes to the kernel
I commented out the following
#cpu I386_CPU
#cpu I486_CPU
#options INET6 #IPv6 communications protocols
#pseudo-device gif # IPv6 and IPv4 tunneling
#pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
### I have had many problems with ip6 so I just omit it for now.
### Until it becomes more of a standard I won't dive in to it.
And I added the following under maxusers 0
## Start BB
# Add the next line to the end of this file uncommented
# pseudo-device speaker #Play IBM BASIC-style noises out your speaker BB Added
# I added "reveille" below to the end of rc.local file so when it boots I know it did.
# echo "t255l8c.f.afc~c.f.afc~c.f.afc.f.a..f.~c.f.afc~c.f.afc~c.f.afc~c.f..">/dev/speaker
# TCPDEBUG is undocumented.
# /usr/sbin/config USWW48V1;cd ../../compile/USWW48V1;make depend;make;make install
#
# BRIDGE enables bridging between ethernet cards -- see bridge(4).
# You can use IPFIREWALL and dummynet together with bridging.
options IPFW2 # USE make -DIPFW2 when Making kernel
options BRIDGE
options DUMMYNET # This is for bandwidth limiting see man dummynet
options MROUTING # Multicast routing
options IPFIREWALL # firewall
options IPFIREWALL_FORWARD # enable transparent proxy support
options IPFIREWALL_VERBOSE # print information about
# dropped packets
options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default
options IPDIVERT # divert sockets
options TCPDEBUG
## End BB
I hope this helps. It works well for me.
Your rule sets may need to be checked and MAC addresses
addressed. Remember the order of the MACs in rc.local
or rc.firewall. I personally do not use rc.firewall.
I put all rules in rc.local. An old method but works
much better and safer for me.
Destination Source
ipfw add 880 pass log logamount 10000 mac 00:50:bf:16:15:37 00:48:54:8a:b7:f4
ipfw add 880 pass log logamount 10000 mac 00:48:54:8a:b7:f4 00:50:bf:16:15:37
I have used FreeBSD for years and am well satisfied with it. I use it on
all my network boxes.
Ben Bentsen
USWW Systems
706-547-0087
"Thomas S. Crum" wrote:
>
> Hello all,
>
> I recently installed FreeBSD 4.8 release and am having problems getting
> a dummynet bridge working. Not that dummynet is the problem, I cannot
> get the bridge itself working. I keep getting an error at start: ipfw:
> size mismatch (have 176 want 36) and when I enter: sh /etc/rc.firewall I
> get the mismatch along with getsockopt(IP_FW_ADD): Invalid argument.
>
> I have no ip addresses assigned to either of my two interfaces.
>
> The kernel was rebuilt with the added options:
>
> options BRIDGE
> options IPFIREWALL
> options IPDIVERT (tried with and without this option)
> options IPFIREWALL_VERBOSE
> options IPFW2
> options DUMMYNET
>
> I built the kernel with:
>
> cd /usr/src
> make buildkernel KERNCONF=MYKERNEL
> make installkernel KERNCONF=MYKERNEL
>
> I put these lines in /etc/rc.conf:
>
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_quiet="YES"
> firewall_logging="YES"
>
> Put these lines in /etc/sysctl.conf (where rl0 and rl1 are my NIC's):
>
> net.link.ether.bridge_cfg=rl0:0,rl1:0
> net.link.ether.bridge_ipfw=1
> net.link.ether.bridge=1
>
> I have used this same setup w/ 4.4 with no problem (of course lacking
> the ipfw2 option). Tried google with the errors I'm getting to no
> avail. Any help getting this bridge up will be appreciated.
>
> Best,
>
> Tom
>
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
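
Added example, not part of the thread or of the FreeBSD source: a small sh lint for the kernel options discussed above, assuming FreeBSD 4.x where ipfw2 is opt-in. The names `active_options`, `check_kernconf` and `sample_conf` are hypothetical and the sample config is constructed from the options in Ben's reply. It reports the kernel/userland IPFW2 pairing that the fix in this thread depends on, and flags `IPFIREWALL_DEFAULT_TO_ACCEPT`, under which a rule load that fails (as with the size mismatch) leaves traffic passing.

```sh
#!/bin/sh
# Added example (not from the thread): lint a FreeBSD 4.x kernel config
# for the ipfw options discussed above. Sample config is constructed.

# Names of active "options" lines: comments stripped, "=value" dropped.
active_options() {
    sed -e 's/#.*//' | awk '$1 == "options" { sub(/=.*/, "", $2); print $2 }'
}

# Read a kernel config on stdin; print findings; return 1 on any FAIL.
check_kernconf() {
    opts=$(active_options)
    rc=0
    has() { printf '%s\n' "$opts" | grep -qx "$1"; }

    if ! has IPFIREWALL; then
        echo "FAIL: IPFIREWALL not set, so no ipfw in this kernel"; rc=1
        if has DUMMYNET; then
            echo "FAIL: DUMMYNET needs IPFIREWALL"; rc=1
        fi
    fi
    if has IPFW2; then
        echo "NOTE: IPFW2 set: build /sbin/ipfw and libalias with make -DIPFW2"
    else
        echo "NOTE: IPFW2 not set: /sbin/ipfw must be built without -DIPFW2"
    fi
    if has IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "WARN: DEFAULT_TO_ACCEPT: if rules fail to load, all traffic passes"
    fi
    if has IPFIREWALL_VERBOSE && ! has IPFIREWALL_VERBOSE_LIMIT; then
        echo "WARN: IPFIREWALL_VERBOSE without IPFIREWALL_VERBOSE_LIMIT"
    fi
    return $rc
}

# Constructed sample: options taken from the reply's "## Start BB" block.
sample_conf() {
    cat <<'EOF'
#options INET6 #IPv6 communications protocols
options IPFW2 # USE make -DIPFW2 when Making kernel
options BRIDGE
options DUMMYNET
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
EOF
}

sample_conf | check_kernconf
```

Run it against a real config with `check_kernconf < /usr/src/sys/i386/conf/USWW48-1`, using whatever kernel config name applies on the machine.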