From owner-freebsd-stable  Sun Dec 23 10:30:15 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from henoc.dnsalias.com (modemcable039.36-202-24.mtl.mc.videotron.ca [24.202.36.39])
	by hub.freebsd.org (Postfix) with ESMTP id 8D19837B419
	for <freebsd-stable@freebsd.org>; Sun, 23 Dec 2001 10:30:11 -0800 (PST)
Received: from freebee.henocoffice.com (freebee.henocoffice.com [192.168.0.101])
	by henoc.dnsalias.com (8.11.6/8.11.6) with ESMTP id fBNIUB302102
	for <freebsd-stable@freebsd.org>; Sun, 23 Dec 2001 13:30:11 -0500 (EST)
	(envelope-from Unix@henoc.com)
Subject: NATD/IPFW  in Pre-Release 4.5 does not work
From: Roger Savard <Unix@henoc.com>
To: freebsd-stable@freebsd.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/1.0 (Preview Release)
Date: 23 Dec 2001 13:30:11 -0500
Message-Id: <1009132211.259.4.camel@JSBach.henocoffice.com>
Mime-Version: 1.0
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Hi,

Since this morning I noticed that natd conflicts with the ipfw rules.
My userland is in sync with the kernel but I had to fall back to
(kernel.old) my last kernel.

Content in /etc/rc.conf
firewall_enable="YES"           # Set to YES to enable firewall
functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the
firewall
firewall_type="open"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
natd_program="/sbin/natd"       # path to natd, if you want a different
one.
natd_enable="YES"               # Enable natd (if firewall_enable ==
YES).
natd_interface="fxp1"           # Public interface or IPaddress to use.
natd_flags="-u -dynamic"       # Additional flags for natd.

In /var/log/console I noticed:
Dec 23 07:45:14 Haydn /kernel: Kernel firewall module loaded
Dec 23 07:45:14 Haydn /kernel: Flushed all rules.
Dec 23 07:45:14 Haydn /kernel: ip_fw_ctl: invalid command
Dec 23 07:45:14 Haydn /kernel: ipfw: 
Dec 23 07:45:14 Haydn /kernel: getsockopt(IP_FW_ADD)
Dec 23 07:45:14 Haydn /kernel: : 
Dec 23 07:45:14 Haydn /kernel: Invalid argument
Dec 23 07:45:14 Haydn /kernel: 00100 
Dec 23 07:45:14 Haydn /kernel: allow
Dec 23 07:45:14 Haydn /kernel: ip

The natd rule is not added as if there was a typo in either
the /etc/rc.firewall or /etc/rc.conf but with last week's kernel
there is no error.

Anyone else noticed that?

Thanks again.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message