Date: Tue, 14 Oct 2003 12:10:28 -0400 From: "Thomas S. Crum" <tscrum@1wisp.com> To: <unix@usww.com> Cc: freebsd-ipfw@freebsd.org Subject: RE: ipfw size mismatch? Revised Message-ID: <000201c3926d$b24961b0$6252eb44@wolf> In-Reply-To: <3F8B7387.FACB2860@usww.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Ben, it worked like a charm. IPFW2 and dummynet, can't wait! :) Tom -----Original Message----- From: unix@usww.com [mailto:unix@usww.com] Sent: Monday, October 13, 2003 11:55 PM To: Thomas S. Crum; unix@usww.com Subject: Re: ipfw size mismatch? Revised I hate it when a patch comes out an then a revision. Well this is not a patch but I made a couple typos in kernel name. Sorry about that. Ben Bentsen USWW Systems 706-547-0087 ######## Prev Email ########## I use 4.8 also and had a problem. The following email came in and it worked with the standard release of ipfw2.c. I could not get any of the newer ipfw2.c to properly compile. I sent off an email to the ipfw group but have had no response. I already had the src's on my drives. Subject: RES: ipfw2 with FreeBSD 4.7-Release Date: Fri, 10 Oct 2003 08:20:33 -0300 From: Renato Barreto <renato_barreto@banrisul.com.br> To: "'freebsd-ipfw@freebsd.org'" <freebsd-ipfw@freebsd.org> CC: "'traore@afribone.net.gn'" <traore@afribone.net.gn> Hi, To do this run /stand/sysinstall (as root), choose Configure -> Distributions, then src, and then lib, sbin and sys. To compile libalias: cd /usr/src/lib/libalias make -DIPFW2 make install To compile ipfw: cd /usr/src/sbin/ipfw make -DIPFW2 make install Build a Kernel with: cd /usr/src/sys/i386/conf options IPFW2 # Renato ##### End of Email ##### Beginning of what I personally did in addition to the email ################################################################# I personally used the following to compile the kernel # cd /usr/src/sys/i386/conf # cp GENERIC USWW48-1 # ee USWW48-1 and added options IPFW2 # /usr/sbin/config USWW48-1 # cd ../../compile/USWW48-1 # make depend # make # make install And it worked Additionally I made the following changes to the kernel I commented out the following #cpu I386_CPU #cpu I486_CPU #options INET6 #IPv6 communications protocols #pseudo-device gif # IPv6 and IPv4 tunneling #pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) ### I have had many problems with ip6 so I just omit it for now. ### Until it becomes more of a standard I won;t dive in to it. And I added the following under maxusers 0 ## Start BB # Add the next line to the end of this file uncommented # pseudo-device speaker #Play IBM BASIC-style noises out your speaker BB Added # I added "reveille" below to the end of rc.local file so when it boots I know it did. # echo "t255l8c.f.afc~c.f.afc~c.f.afc.f.a..f.~c.f.afc~c.f.afc~c.f.afc~c.f..">/d ev/speaker # TCPDEBUG is undocumented. # /usr/sbin/config USWW48V1;cd ../../compile/USWW48V1;make depend;make;make install # # BRIDGE enables bridging between ethernet cards -- see bridge(4). # You can use IPFIREWALL and dummynet together with bridging. options IPFW2 # USE make -DIPFW2 when Making kernel options BRIDGE options DUMMYNET # This is for bandwith limiting see man dummynet options MROUTING # Multicast routing options IPFIREWALL # firewall options IPFIREWALL_FORWARD # enable transparent proxy support options IPFIREWALL_VERBOSE # print information about # dropped packets options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default options IPDIVERT # divert sockets options TCPDEBUG ## End BB I hope this helps it works well for me Your rules sets may need to checked and MAC addresses addressed Remember the order of the MACs in rc.local or rc.firewall. I personally do not use rc.firewall I put all rules in rc.local. An old method but works much better and safer for me. Destination Source ipfw add 880 pass log logamount 10000 mac 00:50:bf:16:15:37 00:48:54:8a:b7:f4 ipfw add 880 pass log logamount 10000 mac 00:48:54:8a:b7:f4 00:50:bf:16:15:37 I have used FreeBSD for years and am well satisfied with it. I use it on all my network boxes. Ben Bentsen USWW Systems 706-547-0087 "Thomas S. Crum" wrote: > > Hello all, > > I recently installed FreeBSD 4.8 release and am having problems getting > a dummynet bridge working. Not that dummynet is the problem, I cannot > get the bridge itself working. I keep getting an error at start: ipfw: > size mismatch (have 176 want 36) and when I enter: sh /etc/rc.firewall I > get the mismatch along with getsockopt(IP_FW_ADD): Invalid argument. > > I have no ip addresses assigned to either of my two interfaces. > > The kernel was rebuilt with the added options: > > options BRIDGE > options IPFIREWALL > options IPDIVERT (tried with and without this option) > options IPFIREWALL_VERBOSE > options IPFW2 > options DUMMYNET > > I built the kernel with: > > cd /usr/src > make buildkernel KERNCONF=MYKERNEL > make installkernel KERNCONF=MYKERNEL > > I put these lines in /etc/rc.conf: > > firewall_enable="YES" > firewall_type="OPEN" > firewall_quiet="YES" > firewall_logging="YES" > > Put these lines in /etc/sysctl.conf (where rl0 and rl1 are my NIC's): > > net.link.ether.bridge_cfg=rl0:0,rl1:0 > net.link.ether.bridge_ipfw=1 > net.link.ether.bridge=1 > > I have used this same setup w/ 4.4 with no problem (of course lacking > the ipfw2 option). Tried google with the errors I'm getting to no > avail. Any help getting this bridge up will be appreciated. > > Best, > > Tom > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000201c3926d$b24961b0$6252eb44>