From: Thomas Sandford
Date: Mon, 07 Mar 2011 11:33:42 +0000
To: Dave Johnson
Cc: freebsd-ipfw@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Kernel Update / IPFW not working

On 06/03/2011 14:23, Dave Johnson wrote:
> An IPFW problem when going from release to stable on 8.2
>
> Any help gladly accepted
>
> LOG ON
>
> Flushed all rules.
> 00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
> 00030 divert 8668 ip from any to any via bge0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 50000 allow ip from any to any
> Firewall rules loaded.
> Starting natd.
>
> rc.conf
> defaultrouter="192.168.0.1"
> gateway_enable="YES"
> hostname="xxx.xxx.xxx"
> ifconfig_bge0="inet 192.168.0.11 netmask 255.255.255.0"
> ifconfig_em0="inet 192.168.1.2 netmask 255.255.255.0"
> keymap="us.iso"
> moused_enable="YES"
> sshd_enable="YES"
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> natd_program="/sbin/natd"
> natd_enable="YES"
> natd_interface="bge0"
> natd_flags="-f /etc/natd.conf"
> dhcpd_enable="NO"
> dhcpd_flags="-q"
> dhcpd_conf="/usr/local/etc/dhcpd.conf"
> dhcpd_ifaces="em0"
> dhcpd_withumask="022"
>
> ... [additional config which doesn't further isolate the problem snipped] ...

It's a bug with the ipfw / natd startup scripts. See:

http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/148137
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/148928
http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/153155

The latter has a patch to fix the problem.