From: Neill Robins
Date: Sun, 2 Jul 2000 21:51:01 -0400
To: Joel Eusebio
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: transparent proxy

Sunday, July 02, 2000, 9:32:39 PM, you wrote:

JE> Hi,
JE> I followed your instructions and I was successful in compiling a new
JE> kernel with IP_FIREWALL, IPFIREWALL_VERBOSE, IP_DIVERT and IP_FORWARD
JE> activated but when rebooted and tried to ping one of my servers it says
JE> "permission denied" what did I do wrong??? Another is if I compiled a new
JE> kernel from my understanding the previous kernel will be named kernel.old
JE> how would I use this kernel.old in case my new kernel does not work.
JE> Thanks a lot.
JE> ------------------------>jOEl

JE> On Sun, 2 Jul 2000, Crist J. Clark wrote:

>> On Sun, Jul 02, 2000 at 01:34:32PM +0000, Joel Eusebio wrote:
>> > Hi All,
>> > Do I have to tweak the GENERIC kernel on /usr/src/sys to activate ipfw
>>
>> No, you can just load the KLD.
>>
>> > and
>> > what does LINT do???
>>
>> It is not a working kernel. It just lists all (pretty close to all
>> anyway) of the things you could put into a kernel config file and has
>> some useful comments.
>>
>> > If so what are the values that I have to add in the
>> > GENERIC kernel or in the LINT in order for ipfw or natd to work???
>>
>> Go to the LINT kernel and search for IPFIREWALL. Also, see ipfw(8),
>> natd(8), and divert(4).
>>
>> > BTW I'm
>> > setting up a transparent proxy on my 4.0-stable and I've posted this
>> > before and tried the suggestions that were given to me by some helpful
>> > people but still I can't make transparent proxy to run. Thanks again
>>
>> Well, transparent proxies need more options to run, namely,
>> IPFIREWALL_FORWARD.
>>
>> Copy GENERIC to some new file, the machine name is a popular choice,
>> add the lines you figure out you need, delete things that came from
>> GENERIC that you don't need, and build a new kernel.
>> --
>> Crist J. Clark cjclark@alum.mit.edu
>>

Hello Joel,

1- To boot an old kernel, just type boot kernel.old at the boot prompt
(I believe you have to hit a key first...I am not currently at my
machine to make sure)

2- To ping, you need to enable ICMP which looks like this as one of my
IPFW rules in /etc/rc.firewall

    # ICMP - for ping, etc
    ${fwcmd} add pass icmp from any to any

See www.freebsddiary.org and www.mostgraveconcern/freebsd/ along with
the handbook and manpages for more info.

This works for me.

Good luck,
Neill
freebsd@nc.rr.com
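
Added example (not part of Neill's message or anyone else's in the thread): a kernel built with IPFIREWALL ends its ruleset with the default rule "65535 deny ip from any to any" unless IPFIREWALL_DEFAULT_TO_ACCEPT is set, which is why ping reports "Permission denied" until an ICMP rule is added. The script below emits a narrower ICMP rule than the blanket one above and checks constructed "ipfw list" output for the first rule that matches a ping; rule number 400, the icmptypes list and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Rule number 400 and the icmptypes
# list are assumptions; adapt them to your own /etc/rc.firewall.

# Dry run by default: print the ipfw commands instead of executing them.
# On the firewall host, run as root with fwcmd=/sbin/ipfw.
fwcmd="${fwcmd:-echo ipfw}"

# Narrower than "pass icmp from any to any": echo reply (0), destination
# unreachable (3, needed for path MTU discovery), echo request (8) and
# time exceeded (11) only.
add_icmp_rules() {
    ${fwcmd} add 400 pass icmp from any to any icmptypes 0,3,8,11
}

# Read "ipfw list" output on stdin and print the action of the first rule
# that matches an ICMP echo request (type 8). Only "from any to any" rules
# with protocol icmp, ip or all are understood; other rules are skipped,
# so this is a quick sanity check, not a full ipfw evaluator.
first_match_for_ping() {
    awk '
    $3 != "icmp" && $3 != "ip" && $3 != "all" { next }
    $4 != "from" || $5 != "any" || $6 != "to" || $7 != "any" { next }
    {
        types = ""
        for (i = 8; i < NF; i++) if ($i == "icmptypes") types = $(i + 1)
        if (types != "" && ("," types ",") !~ /,8,/) next
        print $2; found = 1; exit
    }
    END { if (!found) print "no-match" }'
}

# Constructed "ipfw list" samples, not captured from a real host.
RULES_DEFAULT_ONLY='65535 deny ip from any to any'
RULES_WITH_ICMP='00400 allow icmp from any to any icmptypes 0,3,8,11
65535 deny ip from any to any'

add_icmp_rules
printf '%s\n' "$RULES_DEFAULT_ONLY" | first_match_for_ping   # deny
printf '%s\n' "$RULES_WITH_ICMP" | first_match_for_ping      # allow
```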