Transproxy and ipfw
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sun May 18 02:51:11 PDT 2003
On Sun, May 18, 2003 at 11:56:03AM +0545, Rohit Neupane wrote:
> Hi,
> `ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80` returns ipfw:
> getsockopt(IP_FW_ADD): Invalid argument
>
> I'm running FreeBSD 4.6 with the default kernel. I guess
> IPFIREWALL_FORWARD option is enabled in kernel.
> Do i need to enable it in /etc/rc.conf? if so then how?
ipfw(8) is not enabled in the GENERIC kernel. You've got two choices:
i) build yourself a custom kernel with the appropriate options --- at
least:
options IPFIREWALL
and probably such things as
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=128
options IPDIVERT
(IPDIVERT is needed if you're going to using ipfw(8) and natd(8)) ---
see /usr/src/sys/i386/conf/LINT for details of what's available.
ii) Load the ipfw.ko kernel module into your kernel at boot time. You
can see which kernel modules you have loaded by:
# kldstat
and you can load the ipfw module by:
# kldload ipfw
However, in the specific case of ipfw(8), you can arrange for all
necessary kernel modules to be loaded at boot time by setting:
firewall_enable="YES"
in /etc/rc.conf --- you'll need that even if you've compiled a kernel
with ipfw support built in.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030518/06e20396/attachment.bin
More information about the freebsd-questions
mailing list