Date:      Sat, 24 May 2003 20:53:44 +0300
From:      Ruslan Ermilov <ru@freebsd.org>
To:        Jason Dambrosio <jason@wiz.cx>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw2 broken in -current?
Message-ID:  <20030524175344.GB42456@sunbay.com>
In-Reply-To: <4156.24.165.50.248.1053753630.squirrel@webmail.tekgenesis.net>

On Fri, May 23, 2003 at 10:20:30PM -0700, Jason Dambrosio wrote:
> # ipfw show
> 65535       2875    1377389 deny ip from any to any
> # ping lava.net
> PING lava.net (64.65.64.17): 56 data bytes
> 64 bytes from 64.65.64.17: icmp_seq=0 ttl=242 time=58.529 ms
> # ipfw add 100 divert natd ip from any to any via bge0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> ipfw: opcode 50 size 1 wrong
> # uname -a
> FreeBSD test-server 5.1-BETA FreeBSD 5.1-BETA #12: Fri May 23 18:11:41 HST 2003
> 
> I have:
> 
> options IPDIVERT
> options IPSTEALTH
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=0
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> 
> and
> 
> sysctl net.inet.ip.forwarding=1
> sysctl net.inet.ip.fastforwarding=1
> sysctl net.inet.ip.stealth=1
> 
grep ipfw /var/run/dmesg.boot, if it says "divert disabled"
it means that you forgot to recompile/reinstall your kernel
properly with the "options IPDIVERT".


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
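
The check suggested in the reply above, scripted so it also tells a stale kernel apart from a config that never had the option. This is an added example, not part of the original message; the function name, verdict strings, the kernel config file argument and the sample banner line (apart from the words "divert disabled") are assumptions.

```shell
#!/bin/sh
# diagnose_divert BOOTLOG KERNCONF prints one verdict and returns a code:
#   ok            (0) boot log does not report "divert disabled"
#   stale-kernel  (1) config has "options IPDIVERT" but the booted kernel lacks it
#   not-in-config (2) boot log says "divert disabled" and the config lacks the option
#   no-banner     (3) no ipfw line in the boot log at all
diagnose_divert() {
    bootlog=$1
    kernconf=$2
    # If several lines mention ipfw, judge by the last one.
    banner=$(grep ipfw "$bootlog" 2>/dev/null | tail -n 1)
    if [ -z "$banner" ]; then
        echo no-banner
        return 3
    fi
    case $banner in
        *"divert disabled"*) ;;          # fall through to the config check
        *) echo ok; return 0 ;;
    esac
    # Look for an uncommented "options IPDIVERT" line in the kernel config.
    if grep -Eq '^[[:space:]]*options[[:space:]]+IPDIVERT([[:space:]]|$)' \
        "$kernconf" 2>/dev/null; then
        echo stale-kernel                # rebuilt config, old kernel still booted
        return 1
    fi
    echo not-in-config
    return 2
}

# Constructed sample input: the config lists IPDIVERT, the boot log disagrees.
tmp=$(mktemp -d)
printf '%s\n' 'ipfw2 initialized, divert disabled, default to accept' \
    > "$tmp/dmesg.boot"
printf '%s\n' 'options IPFIREWALL' 'options IPDIVERT' > "$tmp/KERNCONF"
diagnose_divert "$tmp/dmesg.boot" "$tmp/KERNCONF" || true   # stale-kernel
rm -rf "$tmp"
```

On a real system the arguments would be /var/run/dmesg.boot and the kernel configuration file the running kernel was supposed to be built from.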
