Date: Wed, 24 Jan 2001 22:02:22 -0800
From: "Crist J. Clark"
To: Carlos Andrade
Cc: ipfw@FreeBSD.ORG
Subject: Re: ipfw problems with 4.2 upgrade
Reply-To: cjclark@alum.mit.edu

On Wed, Jan 24, 2001 at 09:03:28AM -0700, Carlos Andrade wrote:
> > On Tue, Jan 23, 2001 at 12:58:59PM -0700, Carlos Andrade wrote:
> > > IPFIREWALL is set in my kernel, I re-built it thinking that was the
> > > problems. I still get the errors at start up :
> > >
> > > ipfw: getsockopt(I{_FW_ADD)): Protocol not available
> >
> > Show the dmesg(8).
> > --
> > Crist J. Clark cjclark@alum.mit.edu
>
> Okay, lots of info but here is the important stuff :
>
> IP packet filtering initialized, divert enabled, rule-based forwarding
> disabled (WHAT?), default to deny, logging limited to 50 packets/entries by
> default.
>
> Everything but the rule-based forwarding being disabled sounds right. Hmm
> this is a bad thing. No clue where to look other than rc.conf.

"rule-based forwarding disabled" just means you can't use 'fwd'
rules. That's not your problem though.

Looking at rc.firewall would be a good start for finding the
problem. But first,

  # ipfw show
  # ipfw add 65000 pass ip from any to any

Try some ipfw(8) at the command line to see what you get. Run
rc.firewall in debug mode to see if you can find if there is one rule
causing problems,

  # sh -x /etc/rc.firewall

DO NOT DO THIS FROM A NETWORK LOGIN.
--
Crist J. Clark cjclark@alum.mit.edu