Date:      Sun, 23 Dec 2001 16:42:18 -0500 (EST)
From:      Robert Watson <rwatson@freebsd.org>
To:        Roger Savard <Unix@henoc.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: NATD/IPFW  in Pre-Release 4.5 does not work
Message-ID:  <Pine.NEB.3.96L.1011223164147.8511o-100000@fledge.watson.org>
In-Reply-To: <1009132211.259.4.camel@JSBach.henocoffice.com>

Looks like your userland ipfw tool is out of sync with your ipfw kernel
code (either module or linked in).  Could you check your userland,
modules, and kernel are all in sync?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On 23 Dec 2001, Roger Savard wrote:

> Hi,
> 
> Since this morning I noticed that natd conflicts with the ipfw rules.
> My userland is in sync with the kernel but I had to fall back to
> (kernel.old) my last kernel.
> 
> Content in /etc/rc.conf
> firewall_enable="YES"           # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> firewall_type="open"            # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"             # Set to YES to suppress rule display
> natd_program="/sbin/natd"       # path to natd, if you want a different one.
> natd_enable="YES"               # Enable natd (if firewall_enable == YES).
> natd_interface="fxp1"           # Public interface or IPaddress to use.
> natd_flags="-u -dynamic"       # Additional flags for natd.
> 
> In /var/log/console I noticed:
> Dec 23 07:45:14 Haydn /kernel: Kernel firewall module loaded
> Dec 23 07:45:14 Haydn /kernel: Flushed all rules.
> Dec 23 07:45:14 Haydn /kernel: ip_fw_ctl: invalid command
> Dec 23 07:45:14 Haydn /kernel: ipfw: 
> Dec 23 07:45:14 Haydn /kernel: getsockopt(IP_FW_ADD)
> Dec 23 07:45:14 Haydn /kernel: : 
> Dec 23 07:45:14 Haydn /kernel: Invalid argument
> Dec 23 07:45:14 Haydn /kernel: 00100 
> Dec 23 07:45:14 Haydn /kernel: allow
> Dec 23 07:45:14 Haydn /kernel: ip
> 
> The natd rule is not added as if there was a typo in either
> the /etc/rc.firewall or /etc/rc.conf but with last week's kernel
> there is no error.
> 
> Anyone else noticed that?
> 
> Thanks again.
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 
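
An added example, not part of the original thread or of FreeBSD: a small Python check that rejoins the fragmented `/kernel:` console lines quoted above and flags a boot where the kernel rejected an ipfw rule load, so a firewall that came up without its rules is noticed. The function name, the regexes and the grouping of fragments by timestamp and host are assumptions of this example; the log lines are the ones quoted in the message.

```python
import re
from collections import defaultdict

# Console log lines as quoted in the message above.
SAMPLE_LOG = """\
Dec 23 07:45:14 Haydn /kernel: Kernel firewall module loaded
Dec 23 07:45:14 Haydn /kernel: Flushed all rules.
Dec 23 07:45:14 Haydn /kernel: ip_fw_ctl: invalid command
Dec 23 07:45:14 Haydn /kernel: ipfw:
Dec 23 07:45:14 Haydn /kernel: getsockopt(IP_FW_ADD)
Dec 23 07:45:14 Haydn /kernel: :
Dec 23 07:45:14 Haydn /kernel: Invalid argument
Dec 23 07:45:14 Haydn /kernel: 00100
Dec 23 07:45:14 Haydn /kernel: allow
Dec 23 07:45:14 Haydn /kernel: ip
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) /kernel: ?(.*)$")
# Userland error once rejoined: "ipfw: getsockopt(OP) : <error> <rule text>"
SOCKOPT = re.compile(
    r"ipfw:\s*[gs]etsockopt\((IP_FW_\w+)\)\s*:\s*(.+?)(?:\s+(\d{5}\b.*))?$")

def find_failed_rule_loads(log_text):
    """Return one finding per (timestamp, host) burst in which the kernel
    rejected an ipfw command or the ipfw tool reported a sockopt error."""
    bursts = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            stamp, host, msg = m.groups()
            bursts[(stamp, host)].append(msg.strip())
    findings = []
    for (stamp, host), parts in bursts.items():
        joined = " ".join(p for p in parts if p)  # undo the word-per-line split
        rejected = "ip_fw_ctl: invalid command" in joined
        op = SOCKOPT.search(joined)
        if rejected or op:
            findings.append({
                "when": stamp, "host": host, "kernel_rejected": rejected,
                "sockopt": op.group(1) if op else None,
                "error": op.group(2) if op else None,
                "rule": op.group(3) if op else None,  # rule that was NOT added
            })
    return findings

if __name__ == "__main__":
    for f in find_failed_rule_loads(SAMPLE_LOG):
        print(f)
```

A finding with `kernel_rejected` set and a `sockopt` error in the same burst is the pattern the reply above attributes to a userland ipfw tool that is out of sync with the kernel ipfw code.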

