Date: 18 Aug 2002 10:22:59 +0000
From: Josh Paetzel <friar_josh@webwarrior.net>
To: Devon Stark <knightraven@attbi.com>
Cc: FreeBSD-Hackers@freebsd.org
Subject: Re: IPDIVERT, having issues? [Moved to -questions]
Message-ID: <1029666187.253.7.camel@markx.vladsempire.net>
In-Reply-To: <002801c2467f$731ebb60$14bde00c@quark>
References: <002801c2467f$731ebb60$14bde00c@quark>

On Sun, 2002-08-18 at 06:20, Devon Stark wrote:
> Greetings!
> I am having a problem trying to get IPDIVERT to take..
> I have setup my kernel conf to include the following lines
>
> options IPFIREWALL
> options IPDIVERT
>
> I have the nic configured and running just fine, for both local LAN and for internet (both of my NICs are plugged into the same switch for now)
>
> My /etc/rc.conf has
> gateway_enable="YES"
> firewall_enable="YES"
> natd_enable="YES"
>
> Every time I boot the server I get a message saying that IP Packet filtering is enabled, along with any other configuration I specified (logging and such), but divert is always set to disabled!?
> I have gone to the point of building the kernel with '-DIPDIVERT' and still getting the same results...
> The main effect of this problem is of course that I get an error when I try to apply the following rule to my firewall
>
> 'ipfw add divert natd all from any to any via fxp0'
> The error is...
>
> ip_fw_ctl: invalid command
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
>
> I have checked and natd is in the services list and seems to be configured properly.
>
> I have been searching for the answer for about 3 days now with little luck finding the answer.
>
> The only thing I can think of is that there is some other kernel option that I am enabling that is causing this problem, or perhaps that there is something that I am missing?
>
> I have included my config files here for review...
>
> Kernel config file (I stripped out all of the comments for the sake of this post)
>
> machine i386
> cpu I686_CPU
> ident THE-SERVER
> maxusers 256
> options MATH_EMULATE
> options INET
> options FFS
> options FFS_ROOT
> options SOFTUPDATES
> options UFS_DIRHASH
> options MFS
> options MD_ROOT
> options NFS
> options NFS_ROOT
> options MSDOSFS
> options CD9660
> options CD9660_ROOT
> options PROCFS
> options COMPAT_43
> options SCSI_DELAY=1000
> options UCONSOLE
> options USERCONFIG
> options VISUAL_USERCONFIG
> options KTRACE
> options SYSVSHM
> options SYSVMSG
> options SYSVSEM
> options P1003_1B
> options _KPOSIX_PRIORITY_SCHEDULING
> options ICMP_BANDLIM
> options KBD_INSTALL_CDEV
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_FORWARD
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=50
> options BRIDGE
> options IPSTEALTH
> options TCP_DROP_SYNFIN
> options SMP
> options APIC_IO
> device isa
> device eisa
> device pci
> device fdc0 at isa? port IO_FD1 irq 6 drq 2
> device fd0 at fdc0 drive 0
> device ata0 at isa? port IO_WD1 irq 14
> device ata1 at isa? port IO_WD2 irq 15
> device ata
> device atadisk
> device atapicd
> device atapifd
> options ATA_STATIC_ID
> device ahb
> device ahc
> device amd
> device isp
> device ncr
> device sym
> options SYM_SETUP_LP_PROBE_MAP=0x40
> device adv0 at isa?
> device adw
> device bt0 at isa?
> device aha0 at isa?
> device aic0 at isa?
> device scbus
> device da
> device sa
> device cd
> device pass
> device asr
> device atkbdc0 at isa? port IO_KBD
> device atkbd0 at atkbdc? irq 1 flags 0x1
> device psm0 at atkbdc? irq 12
> device vga0 at isa?
> pseudo-device splash
> device sc0 at isa? flags 0x100
> device npx0 at nexus? port IO_NPX irq 13
> device apm0 at nexus? disable flags 0x20
> device sio0 at isa? port IO_COM1 flags 0x10 irq 4
> device sio1 at isa? port IO_COM2 irq 3
> device ppc0 at isa? irq 7
> device ppbus
> device lpt
> device miibus
> device fxp
> pseudo-device loop
> pseudo-device ether
> pseudo-device pty
> pseudo-device md
> pseudo-device bpf
> device uhci
> device ohci
> device usb
> device ugen
> device uhid
> device ukbd
> device ulpt
> device umass
> device ums
> device uscanner
> device urio
> device aue
> device cue
> device kue
>
> Here is the /etc/rc.conf
>
> gateway_enable="YES"
> inetd_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> moused_enable="NO"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> ifconfig_fxp0="DHCP"
> ifconfig_fxp1="inet 172.17.0.1 netmask 255.255.255.0"
> hostname="The-Server.KnightRaven.com"
> firewall_enable="YES"
> firewall_type="open"
> firewall_quiet="NO"
> natd_enable="YES"
> natd_flags="-f /etc/natd.conf"
> natd_interface="fxp0"
>
> Let me know if there are any other configuration files you need to look at...
>
> Any ideas or help is greatly appreciated!
>
> Thank you!
> Devon

Remove option IPFIREWALL_FORWARD and option BRIDGE from your kernel and recompile.

Josh

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
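
Added example, not part of either message and not FreeBSD project code: a small sh script that audits a kernel config file for the firewall options discussed in this thread. The function names and the sample file are constructed for illustration, and the "flagged" list only encodes the advice given in the reply above.

```shell
#!/bin/sh
# Audit a kernel config file for the ipfw/natd options named in this thread.

# kernel_options FILE: print each "options" name, one per line,
# with trailing comments and any "=value" part removed.
kernel_options() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "options" { sub(/=.*/, "", $2); print $2 }'
}

# audit_divert_config FILE: report findings on stdout.
# Returns 0 when IPFIREWALL and IPDIVERT are present and neither option
# named in the reply (IPFIREWALL_FORWARD, BRIDGE) is; returns 1 otherwise.
audit_divert_config() {
    opts=$(kernel_options "$1")
    status=0
    for required in IPFIREWALL IPDIVERT; do
        if printf '%s\n' "$opts" | grep -qxF "$required"; then
            echo "ok: options $required present"
        else
            echo "missing: options $required"
            status=1
        fi
    done
    for flagged in IPFIREWALL_FORWARD BRIDGE; do
        if printf '%s\n' "$opts" | grep -qxF "$flagged"; then
            echo "flagged: options $flagged (the reply says to remove it)"
            status=1
        fi
    done
    return $status
}

# Constructed sample: only the firewall-related lines of the posted config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options BRIDGE
EOF
audit_divert_config "$sample" || echo "result: config differs from the reply's advice"
rm -f "$sample"
```

Point the function at the real kernel config file before rebuilding; a zero exit status means the file already matches what the reply asks for.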