From: freebsd@stateautomation.com
To: freebsd-ipfw@freebsd.org
Date: Thu, 1 Jul 2004 20:13:27 +1000
Subject: RE: ipdivert rule will not load

> freebsd@stateautomation.com wrote:
>
> > ipfw will not accept a DIVERT rule. e.g. the rule I am trying to add is..
> >
> > ipfw add 3000 divert 8668 ip from any to any via sis0
> >
> > The response I get is... ipfw: getsockopt(IP_FW_ADD): Invalid argument
> >
> > I have built a custom kernel with the following optional lines
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT
> > options IPDIVERT
> >
> > Does anyone know why the system will not accept the divert rule?
> > Thank you.
> > J.S.
>
> The options seem to be correct, however the error message indicates
> the lack of 'divert' in the kernel. Are you sure you properly
> built and *installed* your custom kernel? Check the output of
> 'dmesg | grep divert', you should see '... divert enabled...',
> otherwise something went wrong with your kernel build.
>
> Thomas

Thomas, you are right - thank you.
The output of "dmesg | grep divert" shows that divert is disabled. kldstat also shows that the loadable module ipfw.ko is loaded, which suggests that that may be stopping ipfw being loaded in the main kernel (and therefore divert sockets not being available - I read this in a post in the archives).

Does anyone know where to look to see where the loadable module ipfw.ko may be getting loaded? Is there a way I can grep for the pattern ipfw.ko from the / directory so that it will look for a match on my entire file system? When I use

grep -r -i ipfw.ko /* |more

(to search my entire filesystem from the / directory) I get the response

grep: memory exhausted

(I have 256MB RAM).

Thanks for any responses.

Regards,
J.S.
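
One way to approach the search question without scanning the whole filesystem, as an added example that is not part of the original message: check the two stock FreeBSD settings that cause ipfw.ko to be loaded (ipfw_load in loader.conf, and firewall_enable in rc.conf, whose startup script loads the module when the running kernel has no built-in ipfw), and limit any wider search to regular files on one filesystem. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.

# find_ipfw_loaders ROOT
# Print file:line:text for each active setting under ROOT that asks for
# ipfw.ko. ROOT is "/" on a real system.
find_ipfw_loaders() {
    root=${1%/}
    for f in "$root/boot/loader.conf" "$root/boot/loader.conf.local" \
             "$root/etc/rc.conf" "$root/etc/rc.conf.local"; do
        [ -f "$f" ] || continue
        # ipfw_load="YES"       -> the boot loader loads the module
        # firewall_enable="YES" -> rc startup loads it if the kernel lacks ipfw
        # Commented-out lines are ignored; /dev/null forces the file name.
        grep -n -i -E '^[[:space:]]*(ipfw_load|firewall_enable)="?yes' \
            "$f" /dev/null || :
    done
}

# grep_regular_files DIR STRING
# Wider fallback search: list regular files under DIR containing STRING,
# staying on one filesystem and never opening device nodes.
grep_regular_files() {
    find "$1" -xdev -type f -exec grep -l -F -- "$2" {} + 2>/dev/null || :
}

# Constructed sample tree so the example runs anywhere.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/boot" "$d/etc"
    printf '%s\n' '# ipfw_load="YES"' 'autoboot_delay="5"' \
        > "$d/boot/loader.conf"
    printf '%s\n' 'hostname="gw.example.org"' 'firewall_enable="YES"' \
        'firewall_type="open"' > "$d/etc/rc.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample_root)
find_ipfw_loaders "$sample"            # reports the rc.conf line only
grep_regular_files "$sample" 'ipfw_load'
rm -rf "$sample"
```

On a live system the calls would be find_ipfw_loaders / and, for the wider search, grep_regular_files /etc ipfw followed by grep_regular_files /boot ipfw.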