Date: Tue, 24 May 2005 13:56:01 +0200
From: Chris Knipe <savage@savage.za.org>
To: freebsd-questions@freebsd.org
Subject: Re: ipf + ipfw + divert = no go
Message-ID: <20050524115601.GA39279@savage.za.org>
In-Reply-To: <20050524115445.GA67204@bps.jodocus.org>
References: <20050524105605.GA37881@savage.za.org> <20050524113858.GA38897@savage.za.org> <20050524115445.GA67204@bps.jodocus.org>

On Tue, May 24, 2005 at 01:54:45PM +0200, Joost Bekkers wrote:
> On Tue, May 24, 2005 at 01:38:58PM +0200, Chris Knipe wrote:
> > On Tue, May 24, 2005 at 12:56:06PM +0200, Chris Knipe wrote:
> > > Hi,
> > >
> > > Quick question...
> > >
> > > dmesg:
> > > IP Filter: v3.4.35 initialized. Default = pass all, Logging = enabled
> > > ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 1024 packets/entry by default
> > >
> > >
> > > shell:
> > > bash-2.05b# ipfw add 50 fwd 192.168.0.237,3306 tcp from any to x.x.56.178 dst-port 3306
> > > ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> > > bash-2.05b# whoami
> > > root
> > > bash-2.05b#
> > >
> > > What gives????? FreeBSD 5.4-STABLE
> >
> >
> > bash-2.05b# ipfw add 50 fwd 1.1.1.1,1 tcp from 1.1.1.1 to 1.1.1.1 dst-port 1
> > ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> > bash-2.05b# ipfw add 50 allow ip from me to any
> > ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> > bash-2.05b#
>
> At what securelevel are you running?

Slap me with a rotten trout!

Thank you very much... Was level 3 which is obviously too high :) It's meant to be level 2.

Thanks a lot!

--
Chris.
