From owner-freebsd-questions  Sun Nov  4 17:25:14 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from grumpy.dyndns.org (user-24-214-92-93.knology.net [24.214.92.93])
	by hub.freebsd.org (Postfix) with ESMTP id 8D61F37B405
	for <questions@FreeBSD.ORG>; Sun,  4 Nov 2001 17:25:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by grumpy.dyndns.org (8.11.6/8.11.6) with ESMTP id fA51GPo68305;
	Sun, 4 Nov 2001 19:16:25 -0600 (CST)
	(envelope-from dkelly@grumpy.dyndns.org)
Message-Id: <200111050116.fA51GPo68305@grumpy.dyndns.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: "Jason Cribbins" <jasonc@concentric.net>
Cc: "Nick Rogness" <nick@rogness.net>, questions@FreeBSD.ORG
From: David Kelly <dkelly@hiwaay.net>
Subject: Re: Unable to get natd/ipfw to work properly 
In-reply-to: Message from "Jason Cribbins" <jasonc@concentric.net> 
   of "Sun, 04 Nov 2001 15:13:34 EST." <001701c1656d$2f97c240$05d85c42@kibserv.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 04 Nov 2001 19:16:24 -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

"Jason Cribbins" writes:
> I rebuilt the kernel using the directions found on
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
> using the "traditional" method since the "new" method wouldn't work
> correctly.
> I have confirmed the new kernel ident is displayed upon bootup.
> 
> Now I am back top this again
> IP packet filtering initialized, divert disabled, rule-based forwarding
> disabled
> , default to deny, logging disabled
> 
> and this as well.
> 7:58pm mail:~ # ipfw add divert natd all from any to any via lnc0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 7:58pm mail:~ #
> 
> What am I missing here?

On reboot if you had firewall_enable="yes" in /etc/rc.conf then it 
would have run "kldload ipfw" for you. Short of reboot you could do it 
yourself on the command line. Read /etc/rc.network to see what happens.

Can't say for sure if IPDIVERT would be included in the ipfw kld but am 
guessing it would.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message