Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 18 Nov 2002 23:26:53 +0200
From:      "Vladislav V. Zhuk" <admin@dru.dn.ua>
To:        stable@FreeBSD.ORG
Subject:   IPFW2 and FreeBSD 4.7-RELEASE-p2 #0: Sun Nov 17 19:25:19
Message-ID:  <20021118212653.GA68828@dru.dn.ua>

next in thread | raw e-mail | index | archive | help
Hi!

I added "options IPFW2" to my kernel config, and "IPFW2=TRUE"
to /etc/make.conf, cvsuped to RELENG_4_7.
Make and install world/kernel, run mergemaster.
After update (I did this routinely) IPFW don't forward packets.
Divert, allow, deny, reject - all work fine, fwd don't work.

What can I do to use forward in IPFW2 ??
Help!!!

PS: from my kernel config:

options         IPFW2
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT

options         ACCEPT_FILTER_DATA
options         ACCEPT_FILTER_HTTP

options         ICMP_BANDLIM
options         DUMMYNET
--------------------------------------------

sysctl -a
....
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
....
net.inet.ip.sourceroute: 0
....
net.inet.ip.accept_sourceroute: 0
net.inet.ip.fastforwarding: 0
.....
net.inet.ip.dummynet.hash_size: 64
net.inet.ip.dummynet.curr_time: 9792515
net.inet.ip.dummynet.ready_heap: 16
net.inet.ip.dummynet.extract_heap: 0
net.inet.ip.dummynet.searches: 0
net.inet.ip.dummynet.search_steps: 0
net.inet.ip.dummynet.expire: 1
net.inet.ip.dummynet.max_chain_len: 16
net.inet.ip.dummynet.red_lookup_depth: 256
net.inet.ip.dummynet.red_avg_pkt_size: 512
net.inet.ip.dummynet.red_max_pkt_size: 1500
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 82
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.maxfragpackets: 1024
net.inet.ip.check_interface: 0

-- 
Vladislav V. Zhuk (06267)3-60-03  admin@dru.dn.ua  2:465/197@FidoNet.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021118212653.GA68828>