Transproxy and ipfw

Matthew Seaman m.seaman at
Sun May 18 02:51:11 PDT 2003

On Sun, May 18, 2003 at 11:56:03AM +0545, Rohit Neupane wrote:
> Hi,
> `ipfw add 50 fwd,3128 tcp from any to any 80`  returns ipfw: 
> getsockopt(IP_FW_ADD): Invalid argument
> I'm running FreeBSD 4.6 with the default kernel. I guess 
> IPFIREWALL_FORWARD option is enabled in kernel.
> Do i need to enable it in /etc/rc.conf? if so then how?

ipfw(8) is not enabled in the GENERIC kernel.  You've got two choices:

i) build yourself a custom kernel with the appropriate options --- at

    options  IPFIREWALL

and probably such things as

    options IPDIVERT

(IPDIVERT is needed if you're going to using ipfw(8) and natd(8)) ---
see /usr/src/sys/i386/conf/LINT for details of what's available.

ii) Load the ipfw.ko kernel module into your kernel at boot time.  You
can see which kernel modules you have loaded by:

    # kldstat

and you can load the ipfw module by:

    # kldload ipfw

However, in the specific case of ipfw(8), you can arrange for all
necessary kernel modules to be loaded at boot time by setting:


in /etc/rc.conf --- you'll need that even if you've compiled a kernel
with ipfw support built in.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list