Date: Fri, 29 Sep 2000 03:40:21 -0600
From: James Gorham <james@veldt.com>
To: freebsd-newbies@freebsd.org
Subject: Help! IPFW Problems
Message-ID: <p05001901b5fa13fdb4cc@[192.168.1.2]>
Greetings.
I'm having quite a bit of trouble, and it seems to be related to IP
Divert and/or IP firewall.
A bit of background...
I compiled a custom kernel when I first installed FreeBSD, with:
options IPDIVERT
options IPFIREWALL
as the only custom options from the GENERIC config, other than some
custom screen colors.
I ran my local network of a FreeBSD machine acting as the gateway for
a single IP DSL connection to 2 macs on the LAN. It worked fine until
I decided to install netatalk.
I added the:
options NETATALK
to the same kernel file I used originally, config'd the file, make
depend, make, and make install'd the kernel. Upon reboot I began
getting messages such as:
00100 allow ip from any to any via lo0
ifw: setsockopt(IP_FW_ADD): Invalid argument
00200 deny ip from any to 127.0.0.0/8
ipfw: setsockop(IP_FW-AD): Invalid Argument
65000 allow ip from any to any
ipfw: setsockopt(IP_FW_ADD): Invalid argument
during the boot process. After booting and logging in, all TCP/IP
functions were unavailable. Things like ping would get:
sendto: Permission denied.
I tried removing the netatalk option from the Kernel file,
recompiling and installing, and STILL get the ipfw errors. I had the
following two lines in my rc.conf file:
firewall_enable="YES"
firewall_type="open"
Originally (before the netatalk compile) these worked fine. If I
comment these two lines out now, I can do my TCP/IP functions, but I
cannot get any of the machines on the LAN on the internet, due to
natd not being enabled.
I gave up, and tried compiling the GENERIC kernel. After installing
this kernel, I still cannot leave the above two lines in my rc.conf
uncommented, or else I'll have no tcp/ip functions.
I've never touched the rc.firewall file, nor have I ever cvsup'd the
/usr/src directory. I've only updated the /usr/ports.
If you have any idea at all as to what I should do, please let me
know. I'm in dire need to get these machines back online.
Best regards,
james
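An added diagnostic script (not part of the original message) that cross-checks the three things the post mentions: the kernel config file, the rc.conf firewall/natd settings, and a boot log containing the ipfw messages. It assumes constructed sample files; the one fact it relies on is that ipfw's final rule 65535 denies all traffic unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT, so a rule set that fails to load at boot leaves the host with no IP connectivity.

```shell
#!/bin/sh
# Added example, not from the original post. Cross-checks a kernel config,
# an rc.conf and a boot log for the situation the post describes: rc.conf
# expects ipfw (and natd, which needs IPDIVERT) but every "ipfw add" at
# boot fails. Because ipfw's last rule (65535) denies everything unless the
# kernel has IPFIREWALL_DEFAULT_TO_ACCEPT, an empty rule set blocks all IP
# traffic, which is what "sendto: Permission denied" from ping shows.

# has_kernel_option CONFIG OPTION -> exit 0 if "options OPTION" is present
has_kernel_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|$)" "$1"
}

# rc_value RCCONF VAR -> print VAR's value with quotes stripped (last wins)
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# diagnose KERNCONF RCCONF BOOTLOG -> prints findings, returns their count
diagnose() {
    problems=0
    if [ "$(rc_value "$2" firewall_enable)" = YES ] && ! has_kernel_option "$1" IPFIREWALL; then
        echo "rc.conf enables ipfw but kernel config lacks 'options IPFIREWALL'"
        problems=$((problems + 1))
    fi
    if [ "$(rc_value "$2" natd_enable)" = YES ] && ! has_kernel_option "$1" IPDIVERT; then
        echo "rc.conf enables natd but kernel config lacks 'options IPDIVERT'"
        problems=$((problems + 1))
    fi
    n=$(grep -c 'setsockopt(IP_FW_ADD)' "$3" || true)
    if [ "$n" -gt 0 ]; then
        echo "$n ipfw rule add(s) failed at boot: rule set is empty, default deny applies"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# demo -> runs diagnose over constructed sample files; last output line is the count
demo() {
    d=$(mktemp -d)
    printf 'ident GENERIC\noptions INET\n' > "$d/KERNEL"   # constructed: no ipfw/divert
    printf 'firewall_enable="YES"\nfirewall_type="open"\nnatd_enable="YES"\n' > "$d/rc.conf"
    printf '00100 allow ip from any to any via lo0\nipfw: setsockopt(IP_FW_ADD): Invalid argument\n65000 allow ip from any to any\nipfw: setsockopt(IP_FW_ADD): Invalid argument\n' > "$d/boot.log"
    diagnose "$d/KERNEL" "$d/rc.conf" "$d/boot.log" && n=0 || n=$?
    rm -rf "$d"
    echo "$n"
}
demo
```

Point the three arguments of `diagnose` at the real kernel config under /usr/src/sys/i386/conf, /etc/rc.conf and the saved boot output to run it against a live system.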
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05001901b5fa13fdb4cc>
