Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 29 Sep 2000 03:40:21 -0600
From:      James Gorham <james@veldt.com>
To:        freebsd-newbies@freebsd.org
Subject:   Help! IPFW Problems
Message-ID:  <p05001901b5fa13fdb4cc@[192.168.1.2]>

next in thread | raw e-mail | index | archive | help
--============_-1241902024==_ma============
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

Greetings.

I'm having quite a bit of trouble, and it seems to be related to IP 
Divert and/or IP firewall.

A bit of background...

I compiled a custom kernel when I first installed FreeBSD, with:
options		IPDIVERT
options		IPFIREWALL

as the only custom options from the GENERIC config, other than some 
custom screen colors.

I ran my local network of a FreeBSD machine acting as the gateway for 
a single IP DSL connection to 2 macs on the LAN. It worked fine until 
I decided to install netatalk.

I added the:
options		NETATALK
to the same kernel file I used originally, config'd the file, make 
depend, make, and make install'd the kernel. Upon reboot I began 
getting messages such as:
00100 allow ip from any to any via lo0
ifw: setsockopt(IP_FW_ADD): Invalid argument

00200 deny ip from any to 127.0.0.0/8
ipfw: setsockop(IP_FW-AD): Invalid Argument

65000 allow ip from any to any
ipfw: setsockopt(IP_FW_ADD): Invalid argument

during boot process. After booting, and logging in, all tcp/ip 
functions were unavailble. Things like ping, would get:
sendto: Permission denied.

I tried removing the netatalk option from the Kernel file, 
recompiling and installing, and STILL get the ipfw errors. I had the 
following two lines in my rc.conf file:
firewall_enable="YES"
firewall_type="open"

Originally (before the netatalk compile) these worked fine. If I 
comment these two lines out now, I can do my TCP/IP functions, but I 
cannot get any of the machines on the LAN on the internet, due to 
natd not being enabled.

I gave up, and tried compiling the GENERIC kernel. After installing 
this kernel, I still cannot leave the above two lines in my rc.conf 
uncommented, or else I'll have no tcp/ip functions.

I've never touched the rc.firewall file, nor have I ever cvsup'd the 
/usr/src directory. I've only updated the /usr/ports.

If you have any idea at all as to what I should do, please let me 
know. I'm in dire need to get these machines back online.

Best regards,
james
--============_-1241902024==_ma============
Content-Type: text/html; charset="us-ascii"

<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { margin-top: 0 ; margin-bottom: 0 }
 --></style><title>Help! IPFW Problems</title></head><body>
<div>Greetings.</div>
<div><br></div>
<div>I'm having quite a bit of trouble, and it seems to be related to
IP Divert and/or IP firewall.</div>
<div><br></div>
<div>A bit of background...</div>
<div><br></div>
<div>I compiled a custom kernel when I first installed FreeBSD,
with:</div>
<div>options<x-tab>
</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</x-tab>IPDIVERT</div>
<div>options<x-tab>
</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</x-tab>IPFIREWALL</div>
<div><br></div>
<div>as the only custom options from the GENERIC config, other than
some custom screen colors.</div>
<div><br></div>
<div>I ran my local network of a FreeBSD machine acting as the gateway
for a single IP DSL connection to 2 macs on the LAN. It worked fine
until I decided to install netatalk.</div>
<div><br></div>
<div>I added the:</div>
<div>options<x-tab>
</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</x-tab>NETATALK</div>
<div>to the same kernel file I used originally, config'd the file,
make depend, make, and make install'd the kernel. Upon reboot I began
getting messages such as:</div>
<div><font face="Times" size="+1" color="#000000">00100 allow ip from
any to any via lo0<br>
ifw: setsockopt(IP_FW_ADD): Invalid argument<br>
<br>
00200 deny ip from any to 127.0.0.0/8<br>
ipfw: setsockop(IP_FW-AD): Invalid Argument<br>
<br>
65000 allow ip from any to any<br>
ipfw: setsockopt(IP_FW_ADD): Invalid argument</font></div>
<div><br></div>
<div>during boot process. After booting, and logging in, all tcp/ip
functions were unavailble. Things like ping, would get:</div>
<div>sendto: Permission denied.</div>
<div><br></div>
<div>I tried removing the netatalk option from the Kernel file,
recompiling and installing, and STILL get the ipfw errors. I had the
following two lines in my rc.conf file:</div>
<div>firewall_enable=&quot;YES&quot;</div>
<div>firewall_type=&quot;open&quot;</div>
<div><br></div>
<div>Originally (before the netatalk compile) these worked fine. If I
comment these two lines out now, I can do my TCP/IP functions, but I
cannot get any of the machines on the LAN on the internet, due to natd
not being enabled.</div>
<div><br></div>
<div>I gave up, and tried compiling the GENERIC kernel. After
installing this kernel, I still cannot leave the above two lines in my
rc.conf uncommented, or else I'll have no tcp/ip functions.</div>
<div><br></div>
<div>I've never touched the rc.firewall file, nor have I ever cvsup'd
the /usr/src directory. I've only updated the /usr/ports.</div>
<div><br></div>
<div>If you have any idea at all as to what I should do, please let me
know. I'm in dire need to get these machines back online.</div>
<div><br></div>
<div>Best regards,</div>
<div>james</div>
</body>
</html>
--============_-1241902024==_ma============--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05001901b5fa13fdb4cc>