Date: Sun, 23 Dec 2001 13:33:11 +0000
From: Josh Paetzel
To: Roger Savard
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: NATD/IPFW in Pre-Release 4.5 does not work
Message-ID: <20011223133311.C237@twincat.vladsempire.net>
References: <1009132211.259.4.camel@JSBach.henocoffice.com>
In-Reply-To: <1009132211.259.4.camel@JSBach.henocoffice.com>; from Unix@henoc.com on Sun, Dec 23, 2001 at 01:30:11PM -0500

On Sun, Dec 23, 2001 at 01:30:11PM -0500, Roger Savard wrote:
> Hi,
>
> Since this morning I noticed that natd conflicts with the ipfw rules.
> My userland is in sync with the kernel but I had to fall back to
> (kernel.old) my last kernel.
>
> Content in /etc/rc.conf
> firewall_enable="YES" # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> firewall_type="open" # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO" # Set to YES to suppress rule display
> natd_program="/sbin/natd" # path to natd, if you want a different one.
> natd_enable="YES" # Enable natd (if firewall_enable == YES).
> natd_interface="fxp1" # Public interface or IPaddress to use.
> natd_flags="-u -dynamic" # Additional flags for natd.
>
> In /var/log/console I noticed:
> Dec 23 07:45:14 Haydn /kernel: Kernel firewall module loaded
> Dec 23 07:45:14 Haydn /kernel: Flushed all rules.
> Dec 23 07:45:14 Haydn /kernel: ip_fw_ctl: invalid command
> Dec 23 07:45:14 Haydn /kernel: ipfw:
> Dec 23 07:45:14 Haydn /kernel: getsockopt(IP_FW_ADD)
> Dec 23 07:45:14 Haydn /kernel: :
> Dec 23 07:45:14 Haydn /kernel: Invalid argument
> Dec 23 07:45:14 Haydn /kernel: 00100
> Dec 23 07:45:14 Haydn /kernel: allow
> Dec 23 07:45:14 Haydn /kernel: ip
>
> The natd rule is not added as if there was a typo in either
> the /etc/rc.firewall or /etc/rc.conf but with last week's kernel
> there is no error.
>
> Anyone else noticed that?
>
> Thanks again.

No. I have 2 different boxes running 4.5-PRERELEASE and natd with no issues. Are you sure installworld didn't b0mb when you updated? You don't mention when you cvsupped, but I'm going to cvsup and rebuild one of the boxes right now. I'll let you know in about 2 hours if there are any problems that crop up with natd.

Josh

> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message