ipfw acting strange

David J Brooks daeg at houston.rr.com
Sat Apr 15 04:14:26 UTC 2006

I'm stumped.

This afternoon I upgraded the outward facing NIC on my gateway, with a 
corresponding device name change from rl0 to fxp1. I have edited rc.conf to 
reflect the change and made what I thought were the appropriate changes to 
rc.firewall. On bootup the console displays the corrected rule-set loading: 

00050 divert 8668 ip from any to any via fxp0

but when I log in and type 'ipfw list' the role shows up as:

00050 divert 8668 ip from any to any via rl0

As a result, the other machines on the LAN cannot access the internet.

For the life of me I cannot figure out where the old NIC is being read into 
the rule-set.

Here are the relevant lines from rc.conf:

firewall_type="open" # only temporary. :)
firewall_script="/etc/rc.firewall" # should be default anyway 


ifconfig_fxp0="inet  netmask"
natd_flags="-dynamic -m"

Sure God created the world in only six days,
but He didn't have an established user-base.

More information about the freebsd-questions mailing list