From owner-freebsd-current  Fri Mar 21 12:12:19 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2833337B404
	for <freebsd-current@FreeBSD.ORG>; Fri, 21 Mar 2003 12:12:18 -0800 (PST)
Received: from oasis.quay.com (sub18-59.member.dsl-only.net [63.105.18.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5B0BE43FAF
	for <freebsd-current@FreeBSD.ORG>; Fri, 21 Mar 2003 12:12:17 -0800 (PST)
	(envelope-from tod@quay.com)
Received: from quay.com (titania-wl.quay.com [192.168.2.8])
	by oasis.quay.com (8.12.8/8.12.8) with ESMTP id h2LKCGoC063446;
	Fri, 21 Mar 2003 12:12:16 -0800 (PST)
	(envelope-from tod@quay.com)
Date: Fri, 21 Mar 2003 12:12:18 -0800
Subject: Re: IPDIVERT problem?
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
Cc: freebsd-current@FreeBSD.ORG
To: "Kevin S. Brackett" <ksb@platypusgroup.com>
From: Tod Oace <tod@quay.com>
In-Reply-To: <20030321144208.U96640@tsunami.platypusgroup.com>
Message-Id: <6ABE7822-5BD9-11D7-A07C-00039388DE60@quay.com>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.551)
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On Friday, March 21, 2003, at 11:51 AM, Kevin S. Brackett wrote:

> Mar 19 13:05:23 hades kernel: ipfw2 initialized, divert enabled,
> rule-based forwarding enabled, default to accept, logging limited to 
> 100
> packets/entry by default
> Mar 19 13:05:23 hades kernel: DUMMYNET initialized (011031)
> Mar 19 13:05:23 hades kernel: IPv6 packet filtering initialized, 
> default
> to accept, logging limited to 100 packets/entry

It's been working fine for me although I'm not using DUMMYNET or IPv6 
firewall, and my default is to deny. Last cvsup was a couple days ago.

> ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

Same here. Was it working before or is this a new setup? Have you 
verified natd is running, natd_interface is defined to your public 
interface and all that?

> ipfw: opcode 50 size 1 wrong
> getsockopt(IP_FWD_ADD): something something

Maybe try without IPv6 firewall and DUMMYNET to help narrow the problem 
down.

-- 
Tod Oace <tod@quay.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message