From owner-freebsd-hackers  Wed Sep  3 13:28:34 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id NAA05065
          for hackers-outgoing; Wed, 3 Sep 1997 13:28:34 -0700 (PDT)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA05060
          for <freebsd-hackers@FreeBSD.ORG>; Wed, 3 Sep 1997 13:28:32 -0700 (PDT)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id NAA09575; Wed, 3 Sep 1997 13:27:44 -0700 (PDT)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma009573; Wed Sep  3 13:27:34 1997
Received: (from archie@localhost) by bubba.whistle.com (8.8.5/8.6.12) id NAA09505; Wed, 3 Sep 1997 13:27:33 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199709032027.NAA09505@bubba.whistle.com>
Subject: Re: ipfw problem in 2.2.2
In-Reply-To: <199709031343.IAA25280@gwydion.hns.st-louis.mo.us> from Kent Hamilton at "Sep 3, 97 08:43:10 am"
To: kenth@HNS.St-Louis.Mo.US (Kent Hamilton)
Date: Wed, 3 Sep 1997 13:27:33 -0700 (PDT)
Cc: freebsd-hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


> Hmmm, I thought I sent this last night but I never saw it anywhere so
> I'll try again....
> 
> I'm trying to use ipfw for the first time, and I've done the following:
>   1.  Rebuild the kernel with:
>       options	IPFIREWALL
>       options	IPFIREWALL_VERBOSE
>       options	IPDIVERT
>       options	"IPFIREWALL_VERBOSE_LIMIT=50"
>   2.  Changed rc.conf to firewall="simple"
>   3.  Heavily modified rc.firewall
>   4.  Reboot the box.
> 
> As soon as I try to load rules I get this:
> /sbin/ipfw add 100 divert natd all from any to any via vx0
> 00100 ... rule here
> ip_fw_ctl: neither in or out
> [IP_FW_CTL] Invalid Argument

Probably your kernel source is not consistent with your ipfw source,
in which case you need to re-compile and re-install the ipfw program
based on the newer (or older?) sources.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com