Date:      Wed, 14 Feb 2001 18:45:34 -0500
From:      "David S. Jackson" <dsj@sylvester.dsj.net>
To:        freebsd-questions@freebsd.org
Subject:   can't load ipfw: Operation not permitted
Message-ID:  <20010214184534.A26426@sylvester.dsj.net>

I'm trying to make this host, 192.168.1.106, act as gateway for
the rest of my home network.  I'm using a 4.2 Release stock
kernel on a 486 connecting to a DSL router and to my ISP.  I can
ping from the 486 to anywhere on the Net, but I can't ping from
within my homenet past my 486.  Likewise, I can ping my homenet
hosts from the 486 (except for one, but that's another story).
So, I think my problem is with making ipfw work.  I've already
turned on ipforwarding (I hope) with 
#sysctl -w net.inet.ip.forwarding=1

The error I get when I start /etc/startnet on my 486 DX2 with
FBSD 4.2 (with stock kernel) is:

  =====snip========
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::2a0:24ff:fe03:73cd%ep0 prefixlen 64 scopeid 0x1 
        inet 192.168.1.106 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:a0:24:03:73:cd 
        media: 10baseT/UTP
        supported media: 10base2/BNC 10baseT/UTP 10base5/AUI
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::250:baff:fe6f:c67d%ed1 prefixlen 64 scopeid 0x2 
        inet 208.148.151.43 netmask 0xffffff00 broadcast 208.148.151.255
        ether 00:50:ba:6f:c6:7d 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000 
kldload: can't load ipfw: Operation not permitted
Warning: firewall kernel module failed to load.
Additional routing options: tcp extensions=NO IP gateway=YES TCP keepalive=YES.
routing daemons: routed.
routed: bind(rip_sock): Address already in use; giving up

  =====snip=====

I've fixed up my rc.firewall file according to the handbook and
included instructions.

Relevant parts of my /etc/rc.conf file
are:

  ===snip===

kern_securelevel="1"
kern_securelevel_enable="YES"
sendmail_enable="YES"
portmap_enable="NO"
nfs_server_enable="NO"
inetd_enable="YES"
gateway_enable="YES"
router_flags="-q"
router="routed"
router_enable="YES"

natd_enable="YES"               # Enable natd (if firewall_enable == YES).
natd_interface="ed1"            # Public interface or IPaddress to use.
natd_flags=""                   # Additional flags for natd.
### Basic network and firewall/security options: ###
firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
firewall_logging="YES"          # Set to YES to enable events logging
firewall_flags=""               # Flags passed to ipfw when type is a file

  ===snip===

My routing table is:

  ====snip====
Internet:
Destination        Gateway            Flags     Refs     Use Netif Expire
default            208.148.151.1      UGSc        2      152 ed1
127.0.0.1          127.0.0.1          UH          0        0 lo0
192.168.1          link#1             UC          0        0 ep0 =>
192.168.1.100      0:a0:24:bf:41:f4   UHLW        1     1723 ep0    467
192.168.1.105/32   0:40:5:e4:e8:42    ULS2c       0        7 ep0
208.148.151        link#2             UC          0        0 ed1 =>
208.148.151.1      link#2             UHLW        1    30707 ed1 =>
208.148.151.1      0:80:c8:ca:19:2b   UHLS2       0        0 ed1

  ====snip====

Sorry for the long post, but I wanted to give you too much info
rather than too little.  :-)

What am I missing?

Thanks in advance!


--
David S. Jackson                        dsj@dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I worked in a health food store once.  A guy came in
and asked me, "If I melt dry ice, can I take a bath
without getting wet?" -- Steven Wright
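
Added example, not part of the original message: the rc.conf quoted above sets kern_securelevel="1", and at securelevel 1 or higher FreeBSD refuses to load or unload kernel modules, which is what the kldload error in the log reports. The sketch below checks an rc.conf for that combination; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag an rc.conf that raises
# kern.securelevel to 1 or higher while still expecting ipfw to be kldload'ed.

# rc_value FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1
}

# is_yes VALUE: succeed when VALUE is YES in any letter case.
is_yes() {
    case $1 in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# securelevel_blocks_ipfw FILE: return 0 (and print a finding) when the file
# enables a securelevel >= 1 together with firewall_enable=YES, else return 1.
securelevel_blocks_ipfw() {
    level=$(rc_value "$1" kern_securelevel)
    is_yes "$(rc_value "$1" kern_securelevel_enable)" || return 1
    is_yes "$(rc_value "$1" firewall_enable)" || return 1
    case $level in ''|*[!0-9]*) return 1 ;; esac   # unset, negative or junk
    [ "$level" -ge 1 ] || return 1
    echo "kern_securelevel=$level with firewall_enable=YES:" \
         "kldload ipfw is refused once the securelevel is raised"
    return 0
}

# Constructed sample: the three relevant lines from the rc.conf in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
kern_securelevel="1"
kern_securelevel_enable="YES"
firewall_enable="YES"           # Set to YES to enable firewall functionality
EOF
securelevel_blocks_ipfw "$sample" || echo "no securelevel/module conflict"
rm -f "$sample"
```

On a running system, `sysctl kern.securelevel` shows the level currently in force.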

