From owner-freebsd-hackers@FreeBSD.ORG  Tue Nov 16 21:33:49 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F2CA216A4CE
	for <freebsd-hackers@freebsd.org>;
	Tue, 16 Nov 2004 21:33:48 +0000 (GMT)
Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E5D1A43D48
	for <freebsd-hackers@freebsd.org>;
	Tue, 16 Nov 2004 21:33:47 +0000 (GMT)	(envelope-from marck@rinet.ru)
Received: from localhost (localhost [127.0.0.1])
	by woozle.rinet.ru (8.13.1/8.13.1) with ESMTP id iAGLXeIp071417;
	Wed, 17 Nov 2004 00:33:40 +0300 (MSK)
	(envelope-from marck@rinet.ru)
Date: Wed, 17 Nov 2004 00:33:40 +0300 (MSK)
From: Dmitry Morozovsky <marck@rinet.ru>
To: Yury Tarasievich <grog@grsu.by>
In-Reply-To: <419A1FB9.108@grsu.by>
Message-ID: <20041117003227.G71104@woozle.rinet.ru>
References: <200411151836.iAFIa6b2007989@peedub.jennejohn.org>
	<4199FBE6.60200@grsu.by>
	<20041116151643.GA74432@comp.chem.msu.su> <419A1FB9.108@grsu.by>
X-NCC-RegID: ru.rinet
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: Yar Tikhiy <yar@comp.chem.msu.su>
cc: freebsd-hackers@freebsd.org
Subject: Re: IPDIVERT option not getting compiled?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2004 21:33:49 -0000

On Tue, 16 Nov 2004, Yury Tarasievich wrote:

YT> Yar Tikhiy wrote:
YT> 
YT> > On Tue, Nov 16, 2004 at 03:08:54PM +0200, Yury Tarasievich wrote:
YT> > 
YT> > > I'm adding IPDIVERT option ("options IPDIVERT") to config file and 
YT> <...>
YT> > You seem to be confused by the well-known kernel vs. module
YT> > configuration issue.  Alas, kernel options you specify in your
YT> > kernel config file affect the kernel binary only, not modules
YT> > built along with the kernel.  If you want IPDIVERT, which is
YT> > an option to IPFIREWALL, you have to build your kernel with
YT> > both IPFIREWALL and IPDIVERT:
YT> <...>
YT> I did. See the config contents in originating posting. That was the essence
YT> of the problem -- familiar procedure unexplainably not working.

But you did reference ipfw *module*. This combination will not work. Currently, 
if you need divert you *must* compile ipfw into 4.X kernel.

Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------