From: "Jason Cribbins"
To: "pasca"
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: Unable to get natd/ipfw to work properly
Date: Sun, 4 Nov 2001 16:36:58 -0500
Message-ID: <000701c16578$d53fe5a0$05d85c42@kibserv.org>

Thanks

I thought I read that IPFIREWALL was built into the GENERIC kernel.
I can add rules such as:

ipfw add all from any to any

Just nothing that uses divert.

Anyhow I will restart the 4 hour process that is recompiling another kernel on this old machine.

Thanks Again

----- Original Message -----
From: "pasca"
To: "Jason Cribbins"
Cc:
Sent: Sunday, November 04, 2001 3:41 PM
Subject: Re: Unable to get natd/ipfw to work properly

> as far as I can see you forgot to include your firewall in your kernel...
>
> add:
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=20
>
> to your firewall config file and recompile.
>
> Regards,
>
> Pascal Zoutendijk
> TBWA \ IT
>
> ----- Original Message -----
> From: "Jason Cribbins"
> To: "Nick Rogness"
> Cc:
> Sent: Sunday, November 04, 2001 9:13 PM
> Subject: Re: Unable to get natd/ipfw to work properly
>
>
> > I rebuilt the kernel using the directions found on
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
> > using the "traditional" method since the "new" method wouldn't work
> > correctly.
> > I have confirmed the new kernel ident is displayed upon bootup.
> >
> > Now I am back to this again
> > IP packet filtering initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled
> >
> > and this as well.
> > 7:58pm mail:~ # ipfw add divert natd all from any to any via lnc0
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> > 7:58pm mail:~ #
> >
> > What am I missing here?
> >
> > Here are the config files that may apply:
> > # - MYKERN - BEGIN - #
> > machine         i386
> > cpu             I586_CPU
> > ident           COMPAQ-KERN
> > maxusers        32
> > #makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug symbols
> > options         IPDIVERT                #Required by natd
> > options         MATH_EMULATE            #Support for x87 emulation
> > options         INET                    #InterNETworking
> > #options        INET6                   #IPv6 communications protocols
> > options         FFS                     #Berkeley Fast Filesystem
> > options         FFS_ROOT                #FFS usable as root device [keep this!]
> > options         SOFTUPDATES             #Enable FFS soft updates support
> > #options        MFS                     #Memory Filesystem
> > #options        MD_ROOT                 #MD is a potential root device
> > #options        NFS                     #Network Filesystem
> > #options        NFS_ROOT                #NFS usable as root device, NFS required
> > #options        MSDOSFS                 #MSDOS Filesystem
> > #options        CD9660                  #ISO 9660 Filesystem
> > #options        CD9660_ROOT             #CD-ROM usable as root, CD9660 required
> > options         PROCFS                  #Process filesystem
> > options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
> > options         SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
> > options         UCONSOLE                #Allow users to grab the console
> > options         USERCONFIG              #boot -c editor
> > options         VISUAL_USERCONFIG       #visual boot -c editor
> > options         KTRACE                  #ktrace(1) support
> > #options        SYSVSHM                 #SYSV-style shared memory
> > #options        SYSVMSG                 #SYSV-style message queues
> > #options        SYSVSEM                 #SYSV-style semaphores
> > options         P1003_1B                #Posix P1003_1B real-time extensions
> > options         _KPOSIX_PRIORITY_SCHEDULING
> > options         ICMP_BANDLIM            #Rate limit bad replies
> > options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
> >
> > # To make an SMP kernel, the next two are needed
> > #options        SMP                     # Symmetric MultiProcessor Kernel
> > #options        APIC_IO                 # Symmetric (APIC) I/O
> > # - MYKERN - END - #
> > The rest is devices and all devices for INET are working fine
> >
> > # - /etc/rc.conf - BEGIN - #
> > # NAT Settings
> > gateway_enable="YES"
> > natd_enable="YES"
> > natd_interface="lnc0"
> > natd_flags="-f /etc/local/etc/natd.cf"
> > firewall_enable="YES"
> > firewall_type="OPEN"
> > # - /etc/rc.conf - END - #
> >
> > # - /usr/local/etc/natd.cf - BEGIN - #
> > log yes
> > use_sockets no
> > same_ports yes
> > interface lnc0
> > # - /usr/local/etc/natd.cf - END - #
> >
> > # - ifconfig - BEGIN - #
> > lnc0: flags=8843 mtu 1500
> >         inet 66.92.216.6 netmask 0xffffff00 broadcast 66.92.216.255
> >         ether 00:80:5f:f4:10:42
> > rl0: flags=8843 mtu 1500
> >         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
> >         ether 00:02:2a:b0:6f:0e
> >         media: autoselect (none) status: active
> >         supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP 100baseTX
> > lp0: flags=8810 mtu 1500
> > lo0: flags=8049 mtu 16384
> >         inet 127.0.0.1 netmask 0xff000000
> > # - ifconfig - END - #
> >
> > Unsure what else you may need? Let me know. I have one DSL line down and
> > this is a temporary fix for what may be a long term outage.
> >
> > ----- Original Message -----
> > From: "Nick Rogness"
> > To: "Jason Cribbins"
> > Cc:
> > Sent: Sunday, November 04, 2001 12:13 AM
> > Subject: Re: Unable to get natd/ipfw to work properly
> >
> >
> > > On Sat, 3 Nov 2001, Jason Cribbins wrote:
> > >
> > > > Can someone help me past this error I am getting when trying to use
> > > > natd and ipfw
> > > >
> > > > Nov 4 04:24:33 mail /kernel: IP packet filtering initialized,
> > > > divert disabled, rule-based forwarding disabled, default to deny, logging
> > >   ^^^^^^^^^^^^^^^
> > >
> > > This is your problem, you need to build a kernel with:
> > >
> > > options IPDIVERT
> > >
> > >
> > > Nick Rogness
> > > - Keep on Routing in a Free World...
> > > "FreeBSD: The Power to Serve!"
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
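
A check for the two kernel options the replies in this thread name (IPDIVERT and IPFIREWALL), together with a reader for the ipfw boot message, as an added example that is not part of the original messages. The function names and the sample config are constructed for illustration, and the "divert enabled" wording is assumed to be the counterpart of the "divert disabled" message quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the options from the thread's replies (IPFIREWALL, IPDIVERT) that
# are NOT active in the kernel config file given as $1.
missing_nat_options() {
    conf=$1
    missing=""
    for opt in IPFIREWALL IPDIVERT; do
        # Only an uncommented "options <OPT>" line counts. The trailing group
        # stops IPFIREWALL from matching IPFIREWALL_VERBOSE.
        if ! grep -Eq "^[[:space:]]*options[[:space:]]+${opt}([[:space:]]|#|\$)" "$conf"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
}

# Report the divert state from an "IP packet filtering initialized" line.
# "divert enabled" is assumed wording; "divert disabled" is from the thread.
divert_state() {
    case $1 in
        *"divert enabled"*)  echo enabled ;;
        *"divert disabled"*) echo disabled ;;
        *)                   echo unknown ;;
    esac
}

# Constructed sample: a shortened config shaped like the MYKERN file above.
sample_config() {
    cat <<'EOF'
machine         i386
ident           COMPAQ-KERN
options         IPDIVERT                #Required by natd
options         INET                    #InterNETworking
#options        INET6                   #IPv6 communications protocols
EOF
}

tmpconf=$(mktemp)
sample_config > "$tmpconf"
echo "missing options: $(missing_nat_options "$tmpconf")"
echo "divert: $(divert_state 'IP packet filtering initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled')"
rm -f "$tmpconf"
```

Point `missing_nat_options` at the kernel config file before starting a long rebuild; an empty result means both options are active in that file.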