From owner-freebsd-ipfw@FreeBSD.ORG  Fri May 23 22:20:32 2003
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 03EBD37B401
	for <freebsd-ipfw@freebsd.org>; Fri, 23 May 2003 22:20:32 -0700 (PDT)
Received: from mx1.tekgenesis.net (main.lax1.tekgenesis.net [64.235.239.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6428943F3F
	for <freebsd-ipfw@freebsd.org>; Fri, 23 May 2003 22:20:31 -0700 (PDT)
	(envelope-from jason@wiz.cx)
Received: by mx1.tekgenesis.net (Postfix, from userid 105)
	id 2B7555C62; Fri, 23 May 2003 22:20:31 -0700 (PDT)
Received: from webmail.tekgenesis.net (localhost [127.0.0.1])
	by mx1.tekgenesis.net (Postfix) with SMTP id C7B575C5A
	for <freebsd-ipfw@freebsd.org>; Fri, 23 May 2003 22:20:30 -0700 (PDT)
Received: from a24b165n50client248.hawaii.rr.com ([24.165.50.248])
        (SquirrelMail authenticated user wiz)
        by webmail.tekgenesis.net with HTTP;
        Fri, 23 May 2003 22:20:30 -0700 (PDT)
Message-ID: <4156.24.165.50.248.1053753630.squirrel@webmail.tekgenesis.net>
Date: Fri, 23 May 2003 22:20:30 -0700 (PDT)
From: "Jason Dambrosio" <jason@wiz.cx>
To: freebsd-ipfw@freebsd.org
User-Agent: SquirrelMail/1.4.0
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3
Importance: Normal
X-Spam-Status: No, hits=-4.3 required=5.0
	tests=BAYES_00,MSG_ID_ADDED_BY_MTA_3,PRIORITY_NO_NAME,
	      UPPERCASE_25_50,USER_AGENT
	version=2.53
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
Subject: ipfw2 broken in -current?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 24 May 2003 05:20:32 -0000

# ipfw show
65535       2875    1377389 deny ip from any to any
# ping lava.net
PING lava.net (64.65.64.17): 56 data bytes
64 bytes from 64.65.64.17: icmp_seq=0 ttl=242 time=58.529 ms
# ipfw add 100 divert natd ip from any to any via bge0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
ipfw: opcode 50 size 1 wrong
# uname -a
FreeBSD test-server 5.1-BETA FreeBSD 5.1-BETA #12: Fri May 23 18:11:41 HST 2003

I have:

options IPDIVERT
options IPSTEALTH
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=0
options IPFIREWALL_DEFAULT_TO_ACCEPT

and

sysctl net.inet.ip.forwarding=1
sysctl net.inet.ip.fastforwarding=1
sysctl net.inet.ip.stealth=1

Jason