Date: Tue, 24 May 2005 13:38:58 +0200
From: Chris Knipe
To: freebsd-questions@freebsd.org
Subject: Re: ipf + ipfw + divert = no go
Message-ID: <20050524113858.GA38897@savage.za.org>
In-Reply-To: <20050524105605.GA37881@savage.za.org>

On Tue, May 24, 2005 at 12:56:06PM +0200, Chris Knipe wrote:
> Hi,
>
> Quick question...
>
> dmesg:
> IP Filter: v3.4.35 initialized.  Default = pass all, Logging = enabled
> ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 1024 packets/entry by default
>
>
> shell:
> bash-2.05b# ipfw add 50 fwd 192.168.0.237,3306 tcp from any to x.x.56.178 dst-port 3306
> ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> bash-2.05b# whoami
> root
> bash-2.05b#
>
> What gives?????

FreeBSD 5.4-STABLE

bash-2.05b# ipfw add 50 fwd 1.1.1.1,1 tcp from 1.1.1.1 to 1.1.1.1 dst-port 1
ipfw: getsockopt(IP_FW_ADD): Operation not permitted
bash-2.05b# ipfw add 50 allow ip from me to any
ipfw: getsockopt(IP_FW_ADD): Operation not permitted
bash-2.05b#

Ok, well this is really not right.... -shrugs-

--
Chris.