From owner-freebsd-questions@FreeBSD.ORG  Thu Jul 21 23:31:54 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A08D716A44F
	for <freebsd-questions@freebsd.org>;
	Thu, 21 Jul 2005 23:31:54 +0000 (GMT)
	(envelope-from jfalconer@puc.edu)
Received: from ecf.puc.edu (ecf2.puc.edu [12.16.216.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E28BF43D9B
	for <freebsd-questions@freebsd.org>;
	Thu, 21 Jul 2005 23:31:42 +0000 (GMT)
	(envelope-from jfalconer@puc.edu)
Received: from localhost (jfalconer@localhost)
	by ecf.puc.edu (8.11.6/8.10.1) with ESMTP id j6LNVe627392
	for <freebsd-questions@freebsd.org>;
	Thu, 21 Jul 2005 16:31:40 -0700 (PDT)
Date: Thu, 21 Jul 2005 16:31:40 -0700 (PDT)
From: Jon Falconer <jfalconer@puc.edu>
To: freebsd-questions@freebsd.org
Message-ID: <Pine.BSI.4.05L.10507211606530.19303-100000@ecf.puc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: ipfw loads with forwarding disabled
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2005 23:31:54 -0000

I'm running FreeBSD 5.4-RELEASE. When I load ipfw.ko I get:

ipfw2 initialized, divert disabled, rule-based forwarding disabled,
default to deny, logging disabled

I want to use the forward action in the rule set, logging would be nice
too. When I try to add a rule which uses the forward action, I get:

Line 2: getsockopt(IP_FW_ADD): Invalid argument

and line 2 looks similar to:

add 1200 forward ##.##.##.1 src-ip ##.##.##.0/23 in recv dc1

At this point I'm guessing that "rule-based forwarding disabled" has
something to do with it no liking my rule. I tried adding "options
IPFIREWALL_FORWARD" to the kernel config and rebuilt the kernel. But I
still get the same message as above when loading ipfw (kernel module).
I've perused all the relevant sections of the handbook that I could find
without finding any more clues. What does it take to change the default
feature set of the ipfw kernel module? Or do I have to compile it into the
kernel to alter this?

Thanks for your suggestions,

Jon