From owner-freebsd-questions Wed Jan 31 21:20:19 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from xs4some.net (CC4140-a.sneek1.fr.nl.home.com [212.120.108.75])
    by hub.freebsd.org (Postfix) with ESMTP id E31D637B491
    for ; Wed, 31 Jan 2001 21:20:01 -0800 (PST)
Received: by xs4some.net (Postfix, from userid 1000)
    id CAD692C90F; Thu, 1 Feb 2001 06:20:00 +0100 (CET)
From: Fenix
To: Tim DeBoer
Subject: Re: Newbie fun with natd/ipfw
Date: Thu, 1 Feb 2001 06:20:00 +0100
X-Mailer: KMail [version 1.1.99]
Content-Type: text/plain; charset="us-ascii"
References: <4.3.2.7.2.20010131212130.00a8a6c0@mail.cornhusker.net>
In-Reply-To: <4.3.2.7.2.20010131212130.00a8a6c0@mail.cornhusker.net>
Cc: freebsd-questions@freebsd.org
MIME-Version: 1.0
Message-Id: <01020106200003.00362@xs4some.net>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

You probably must reduce your kernel security level to be able to manipulate
firewall rules
check /etc/rc.conf

On Thursday 01 February 2001 04:43, you wrote:
> Hi Everyone,
> I'm trying to get natd/ipfw to work properly.
> I did a custom kernel with the following options (Yes, it's using the new
> kernel)
> options IPFIREWALL # ipfw-firewall support
> options IPFIREWALL_VERBOSE # optional
> options IPFIREWALL_FORWARD # optional
> options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity
> options IPDIVERT # divert sockets (for natd)
>
> When I try to block all telnet traffic to this interface, I get...
> # ipfw add deny tcp from any to 192.168.0.1 23
> ipfw: getsockopt(IP_FW_ADD): Protocol not available
>
> IP_FW_ADD????
> I haven't seen that option anywhere in the docs, or am I not reading this
> correctly?
>
> Anyway, if I follow some advice from the archives; previous questions
> related to this...
> # kldload ipfw
> kldload: can't load ipfw: Operation not permitted
>
> If I try to see my current rule set (none, I know)
> # ipfw show
> ipfw: getsockopt(IP_FW_GET): Protocol not available
> Again, I haven't seen that option anywhere in the docs, am I still not
> reading this correctly?
>
> Can anyone point me in the right direction here?
>
> Thanks!
>
> Tim DeBoer
> http://www.snarfy.com
>
> It is by caffeine alone I set my mind in motion.
> It is by the beans of Java that thoughts acquire speed, the hands acquire
> shaking,
> the shaking becomes a warning.
> It is by caffeine alone I set my mind in motion.
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
If you have to hate, hate gently ....

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
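
Added example (not part of the original thread): a shell sketch of the check the reply points to, reading an rc.conf for the boot-time securelevel and reporting which of the operations from the question that level forbids. The sample rc.conf and the function names are constructed for illustration; the thresholds follow FreeBSD's documented securelevel semantics (level 1 and above blocks kldload, level 3 and above also blocks ipfw rule changes).

```shell
#!/bin/sh
# Added example. Thresholds per FreeBSD securelevel semantics:
# level >= 1 forbids kldload, level >= 3 also forbids ipfw rule changes.

# Print the value of the last assignment of variable $1 in rc.conf file $2.
rc_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1
}

# Print the securelevel that the boot scripts would set from file $1.
boot_securelevel() {
    enable=$(rc_value kern_securelevel_enable "$1")
    level=$(rc_value kern_securelevel "$1")
    case "$level" in ''|*[!0-9-]*) level=-1 ;; esac   # unset or malformed
    case "$enable" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo "$level" ;;
        *) echo "-1" ;;   # not enabled: boot scripts do not raise the level
    esac
}

# Print which operations from the thread securelevel $1 forbids.
blocked_at_level() {
    out=""
    if [ "$1" -ge 1 ]; then out="kldload"; fi
    if [ "$1" -ge 3 ]; then out="$out ipfw-rule-changes"; fi
    echo "${out:-none}"
}

# Constructed sample rc.conf (not taken from the thread).
sample_rc_conf() {
cat <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
kern_securelevel_enable="YES"   # raise securelevel at boot
kern_securelevel="3"
EOF
}

tmp=$(mktemp /tmp/rcconf.XXXXXX)
sample_rc_conf > "$tmp"
lvl=$(boot_securelevel "$tmp")
echo "boot securelevel: $lvl; blocked: $(blocked_at_level "$lvl")"
rm -f "$tmp"
```

rc.conf only gives the boot-time setting; the running value is shown by `sysctl kern.securelevel`, and a running system can only raise it, so lowering it means changing rc.conf and rebooting.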