From owner-freebsd-questions Wed Jan 31 19:49: 4 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from go.bigred.net (go.bigred.net [63.239.54.166])
	by hub.freebsd.org (Postfix) with ESMTP id 2539637B491
	for ; Wed, 31 Jan 2001 19:48:47 -0800 (PST)
Received: from buster.cornhusker.net (buster.cornhusker.net [208.47.247.114])
	by go.bigred.net (8.9.3/8.9.3) with ESMTP id VAA16147
	for ; Wed, 31 Jan 2001 21:48:52 -0600
Message-Id: <4.3.2.7.2.20010131212130.00a8a6c0@mail.cornhusker.net>
X-Sender: deboert@mail.cornhusker.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 31 Jan 2001 21:43:43 -0600
To: questions@FreeBSD.ORG
From: Tim DeBoer
Subject: Newbie fun with natd/ipfw
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi Everyone,

I'm trying to get natd/ipfw to work properly. I did a custom kernel with
the following options (Yes, it's using the new kernel)

options         IPFIREWALL                      # ipfw-firewall support
options         IPFIREWALL_VERBOSE              # optional
options         IPFIREWALL_FORWARD              # optional
options         IPFIREWALL_VERBOSE_LIMIT=100    # limit verbosity
options         IPDIVERT                        # divert sockets (for natd)

When I try to block all telnet traffic to this interface, I get...

# ipfw add deny tcp from any to 192.168.0.1 23
ipfw: getsockopt(IP_FW_ADD): Protocol not available

IP_FW_ADD???? I haven't seen that option anywhere in the docs, or am I not
reading this correctly?

Anyway, if I follow some advice from the archives; previous questions
related to this...

# kldload ipfw
kldload: can't load ipfw: Operation not permitted

If I try to see my current rule set (none, I know)

# ipfw show
ipfw: getsockopt(IP_FW_GET): Protocol not available

Again, I haven't seen that option anywhere in the docs, am I still not
reading this correctly?

Can anyone point me in the right direction here?

Thanks!

Tim DeBoer
http://www.snarfy.com

It is by caffeine alone I set my mind in motion.
It is by the beans of Java that thoughts acquire speed,
the hands acquire shaking, the shaking becomes a warning.
It is by caffeine alone I set my mind in motion.