Date: Wed, 11 Oct 2000 13:43:28 -0700 From: Kent Stewart <kstewart@urx.com> To: Martin Moeller <martian@t-online.de> Cc: questions@FreeBSD.ORG Subject: Re: Problem with ipfw after cvsup to 4.1.1-STABLE Message-ID: <39E4D0F0.D8C47046@urx.com> References: <13jS7G-29rF4aC@fwd02.sul.t-online.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Martin Moeller wrote: > > Hello everybody. > > A few days ago I did my first cvs update ever. The new > sources for the 4.1.1-STABLE kernel are now on my system > and I've compiled them successfully. But the new kernel has > a problem with the old ipfw or the rc.firewall file. I can't > figure out what exactly is wrong. At boot time I receive > the message: > > 00050 divert 6668 ip from any to any via isp0 > ipfw: setsocket(IP_FW_ADD): Invalid argument > > ... <snip> ... (all other rules also get this > error message) > > My internet connection only works with the old kernel. > Can anyone tell me what I have to do to get things goin' > again?? Since this is your first upgrade, did you do build a new world and kernel. They have to be built and installed as a pair. A new kernel and an old world probably won't work properly. The divert service is supposed to be 8668. The only time I ever saw 6668 referenced was in The Complete FreeBSD. My rc.firewall uses 8668. The rc.firewall for 4.1.1 was upgraded to do the divert after you check for IP's that shouldn't be on the internet. If you used mergemaster and upgraded your firewall rules and /etc/services, the divert could be broken. I'm using the latest rc.firewall and added some of the rules from the "Dual homed service" at http://www.mostgraveconcern.com/freebsd/. The only real difference is that I don't permit outside accesses that require a login. I also log all attempts to login. There are a number of them. Kent -- Kent Stewart Richland, WA mailto:kbstew99@hotmail.com http://kstewart.urx.com/kstewart/index.html FreeBSD News http://daily.daemonnews.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39E4D0F0.D8C47046>