Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 18 May 2003 10:51:06 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Rohit Neupane <bikrant@wlink.com.np>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Transproxy and ipfw
Message-ID:  <20030518095106.GB14471@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <3EC723F7.9090001@wlink.com.np>
References:  <3EC723F7.9090001@wlink.com.np>
next in thread | previous in thread | raw e-mail | index | archive | help 

--yEPQxsgoJgBvi8ip
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 18, 2003 at 11:56:03AM +0545, Rohit Neupane wrote:
> Hi,
> `ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80`  returns ipfw:=20
> getsockopt(IP_FW_ADD): Invalid argument
>=20
> I'm running FreeBSD 4.6 with the default kernel. I guess=20
> IPFIREWALL_FORWARD option is enabled in kernel.
> Do i need to enable it in /etc/rc.conf? if so then how?

ipfw(8) is not enabled in the GENERIC kernel.  You've got two choices:

i) build yourself a custom kernel with the appropriate options --- at
least:

    options  IPFIREWALL

and probably such things as

    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=3D128
    options IPDIVERT

(IPDIVERT is needed if you're going to using ipfw(8) and natd(8)) ---
see /usr/src/sys/i386/conf/LINT for details of what's available.

ii) Load the ipfw.ko kernel module into your kernel at boot time.  You
can see which kernel modules you have loaded by:

    # kldstat

and you can load the ipfw module by:

    # kldload ipfw

However, in the specific case of ipfw(8), you can arrange for all
necessary kernel modules to be loaded at boot time by setting:

    firewall_enable=3D"YES"

in /etc/rc.conf --- you'll need that even if you've compiled a kernel
with ipfw support built in.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--yEPQxsgoJgBvi8ip
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE+x1eKdtESqEQa7a0RAsonAKCRkH4YBGa3Af64uUYr1yj/0sQF3gCfWpbw
lHPzMNWlkYRwCNA+hYayZH8=
=mxMy
-----END PGP SIGNATURE-----

--yEPQxsgoJgBvi8ip--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030518095106.GB14471>