Date: Sun, 23 Dec 2001 16:42:18 -0500 (EST)
From: Robert Watson
To: Roger Savard
Cc: freebsd-stable@freebsd.org
Subject: Re: NATD/IPFW in Pre-Release 4.5 does not work
In-Reply-To: <1009132211.259.4.camel@JSBach.henocoffice.com>

Looks like your userland ipfw tool is out of sync with your ipfw kernel
code (either module or linked in). Could you check your userland,
modules, and kernel are all in sync?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On 23 Dec 2001, Roger Savard wrote:

> Hi,
>
> Since this morning I noticed that natd conflicts with the ipfw rules.
> My userland is in sync with the kernel but I had to fall back to
> (kernel.old) my last kernel.
>
> Content in /etc/rc.conf
> firewall_enable="YES"               # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
> firewall_type="open"                # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"                 # Set to YES to suppress rule display
> natd_program="/sbin/natd"           # path to natd, if you want a different one.
> natd_enable="YES"                   # Enable natd (if firewall_enable == YES).
> natd_interface="fxp1"               # Public interface or IPaddress to use.
> natd_flags="-u -dynamic"            # Additional flags for natd.
>
> In /var/log/console I noticed:
> Dec 23 07:45:14 Haydn /kernel: Kernel firewall module loaded
> Dec 23 07:45:14 Haydn /kernel: Flushed all rules.
> Dec 23 07:45:14 Haydn /kernel: ip_fw_ctl: invalid command
> Dec 23 07:45:14 Haydn /kernel: ipfw:
> Dec 23 07:45:14 Haydn /kernel: getsockopt(IP_FW_ADD)
> Dec 23 07:45:14 Haydn /kernel: :
> Dec 23 07:45:14 Haydn /kernel: Invalid argument
> Dec 23 07:45:14 Haydn /kernel: 00100
> Dec 23 07:45:14 Haydn /kernel: allow
> Dec 23 07:45:14 Haydn /kernel: ip
>
> The natd rule is not added as if there was a typo in either
> the /etc/rc.firewall or /etc/rc.conf but with last week's kernel
> there is no error.
>
> Anyone else noticed that?
>
> Thanks again.
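
An added example, not part of the original thread: a Python check that rejoins the console output quoted above (the ipfw error arrived one token per line) and flags the pattern Robert describes, where the kernel rejects the request and the userland tool reports "Invalid argument". The function and key names are hypothetical; SAMPLE is the log quoted in the post and CLEAN is constructed for comparison.

```python
import re

# Console lines quoted in the post above, syslog prefix included.
SAMPLE = """\
Dec 23 07:45:14 Haydn /kernel: Kernel firewall module loaded
Dec 23 07:45:14 Haydn /kernel: Flushed all rules.
Dec 23 07:45:14 Haydn /kernel: ip_fw_ctl: invalid command
Dec 23 07:45:14 Haydn /kernel: ipfw:
Dec 23 07:45:14 Haydn /kernel: getsockopt(IP_FW_ADD)
Dec 23 07:45:14 Haydn /kernel: :
Dec 23 07:45:14 Haydn /kernel: Invalid argument
Dec 23 07:45:14 Haydn /kernel: 00100
Dec 23 07:45:14 Haydn /kernel: allow
Dec 23 07:45:14 Haydn /kernel: ip
"""

# A boot with no errors, constructed for comparison (not from the post).
CLEAN = """\
Dec 23 07:45:14 Haydn /kernel: Kernel firewall module loaded
Dec 23 07:45:14 Haydn /kernel: Flushed all rules.
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ /kernel: ?(.*)$")
KERNEL_REJECT = "ip_fw_ctl: invalid command"
FLUSHED = "Flushed all rules."
TOOL_ERROR = re.compile(r"ipfw: [gs]etsockopt\((IP_FW_\w+)\): Invalid argument(.*)")


def payloads(log):
    """Return the message text of each console line, syslog prefix removed."""
    found = (PREFIX.match(line.strip()) for line in log.splitlines())
    return [m.group(1).strip() for m in found if m]


def diagnose(log):
    msgs = payloads(log)
    # Rejoin the fragmented stderr of ipfw, then close the gap before ':'.
    joined = re.sub(r"\s+:", ":", " ".join(msgs))
    tool = TOOL_ERROR.search(joined)
    rejected = KERNEL_REJECT in msgs
    # A flush followed by a failed add leaves only the kernel's default rule.
    flushed_first = (rejected and FLUSHED in msgs
                     and msgs.index(FLUSHED) < msgs.index(KERNEL_REJECT))
    return {
        "mismatch_suspected": rejected and tool is not None,
        "failed_sockopt": tool.group(1) if tool else None,
        "trailing_output": tool.group(2).strip() if tool else None,
        "rules_flushed_before_failure": flushed_first,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```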