Date: Sun, 4 Nov 2001 15:13:34 -0500
From: "Jason Cribbins" <jasonc@concentric.net>
To: "Nick Rogness" <nick@rogness.net>
Cc: <questions@FreeBSD.ORG>
Subject: Re: Unable to get natd/ipfw to work properly
Message-ID: <001701c1656d$2f97c240$05d85c42@kibserv.org>
References: <Pine.BSF.4.21.0111032255140.10083-100000@cody.jharris.com>

I rebuilt the kernel using the directions found on
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
using the "traditional" method since the "new" method wouldn't work
correctly. I have confirmed the new kernel ident is displayed upon bootup.

Now I am back to this again:

IP packet filtering initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled

and this as well:

7:58pm mail:~ # ipfw add divert natd all from any to any via lnc0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
7:58pm mail:~ #

What am I missing here? Here are the config files that may apply:

# - MYKERN - BEGIN - #
machine         i386
cpu             I586_CPU
ident           COMPAQ-KERN
maxusers        32

#makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug symbols

options         IPDIVERT                #Required by natd
options         MATH_EMULATE            #Support for x87 emulation
options         INET                    #InterNETworking
#options        INET6                   #IPv6 communications protocols
options         FFS                     #Berkeley Fast Filesystem
options         FFS_ROOT                #FFS usable as root device [keep this!]
options         SOFTUPDATES             #Enable FFS soft updates support
#options        MFS                     #Memory Filesystem
#options        MD_ROOT                 #MD is a potential root device
#options        NFS                     #Network Filesystem
#options        NFS_ROOT                #NFS usable as root device, NFS required
#options        MSDOSFS                 #MSDOS Filesystem
#options        CD9660                  #ISO 9660 Filesystem
#options        CD9660_ROOT             #CD-ROM usable as root, CD9660 required
options         PROCFS                  #Process filesystem
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
options         SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
options         UCONSOLE                #Allow users to grab the console
options         USERCONFIG              #boot -c editor
options         VISUAL_USERCONFIG       #visual boot -c editor
options         KTRACE                  #ktrace(1) support
#options        SYSVSHM                 #SYSV-style shared memory
#options        SYSVMSG                 #SYSV-style message queues
#options        SYSVSEM                 #SYSV-style semaphores
options         P1003_1B                #Posix P1003_1B real-time extensions
options         _KPOSIX_PRIORITY_SCHEDULING
options         ICMP_BANDLIM            #Rate limit bad replies
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev

# To make an SMP kernel, the next two are needed
#options        SMP                     # Symmetric MultiProcessor Kernel
#options        APIC_IO                 # Symmetric (APIC) I/O
# - MYKERN - END - #

The rest is devices and all devices for INET are working fine

# - /etc/rc.conf - BEGIN - #
# NAT Settings
gateway_enable="YES"
natd_enable="YES"
natd_interface="lnc0"
natd_flags="-f /etc/local/etc/natd.cf"
firewall_enable="YES"
firewall_type="OPEN"
# - /etc/rc.conf - END - #

# - /usr/local/etc/natd.cf - BEGIN - #
log yes
use_sockets no
same_ports yes
interface lnc0
# - /usr/local/etc/natd.cf - END - #

# - ifconfig - BEGIN - #
lnc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 66.92.216.6 netmask 0xffffff00 broadcast 66.92.216.255
        ether 00:80:5f:f4:10:42
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:02:2a:b0:6f:0e
        media: autoselect (none) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
# - ifconfig - END - #

Unsure what else you may need? Let me know. I have one DSL line down and
this is a temporary fix for what may be a long term outage.

----- Original Message -----
From: "Nick Rogness" <nick@rogness.net>
To: "Jason Cribbins" <jasonc@concentric.net>
Cc: <questions@FreeBSD.ORG>
Sent: Sunday, November 04, 2001 12:13 AM
Subject: Re: Unable to get natd/ipfw to work properly

> On Sat, 3 Nov 2001, Jason Cribbins wrote:
>
> > Can someone help me past this error I am getting when trying to use
> > natd and ipfw
>
> > Nov 4 04:24:33 mail /kernel: IP packet filtering initialized,
> >divert disabled, rule-based forwarding disabled, default to deny, logging
>  ^^^^^^^^^^^^^^^
>
> This is your problem, you need to build a kernel with:
>
> options IPDIVERT
>
>
> Nick Rogness <nick@rogness.net>
> - Keep on Routing in a Free World...
> "FreeBSD: The Power to Serve!"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message