Date: Sat, 24 May 2003 20:53:44 +0300
From: Ruslan Ermilov
To: Jason Dambrosio
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw2 broken in -current?
Message-ID: <20030524175344.GB42456@sunbay.com>
In-Reply-To: <4156.24.165.50.248.1053753630.squirrel@webmail.tekgenesis.net>

On Fri, May 23, 2003 at 10:20:30PM -0700, Jason Dambrosio wrote:
> # ipfw show
> 65535 2875 1377389 deny ip from any to any
> # ping lava.net
> PING lava.net (64.65.64.17): 56 data bytes
> 64 bytes from 64.65.64.17: icmp_seq=0 ttl=242 time=58.529 ms
> # ipfw add 100 divert natd ip from any to any via bge0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> ipfw: opcode 50 size 1 wrong
> # uname -a
> FreeBSD test-server 5.1-BETA FreeBSD 5.1-BETA #12: Fri May 23 18:11:41 HST 2003
>
> I have:
>
> options IPDIVERT
> options IPSTEALTH
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=0
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> and
>
> sysctl net.inet.ip.forwarding=1
> sysctl net.inet.ip.fastforwarding=1
> sysctl net.inet.ip.stealth=1
>

grep ipfw /var/run/dmesg.boot, if it says "divert disabled" it means
that you forgot to recompile/reinstall your kernel properly with the
"options IPDIVERT".

Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
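
The check suggested in the reply, extended to also compare `IPFIREWALL_DEFAULT_TO_ACCEPT` against the quoted rule 65535, as an added example that is not part of the original message. The function names, file names and the sample dmesg wording beyond "divert disabled" are assumptions.

```sh
#!/bin/sh
# Added example: compare kernel config options with what the running kernel shows.

# has_option FILE NAME: true if an uncommented "options NAME" line exists.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+${2}([[:space:]=]|\$)" "$1"
}

# ipfw_kernel_check KERNCONF DMESG_BOOT IPFW_SHOW   (hypothetical helper)
# Returns 0 = consistent, 1 = running kernel lacks a configured option,
# 2 = no ipfw boot message with a divert status was found.
ipfw_kernel_check() {
    _conf=$1; _dmesg=$2; _show=$3; _rc=0
    _boot=$(grep -i 'ipfw' "$_dmesg" | grep -i 'divert' | tail -n 1)
    if [ -z "$_boot" ]; then
        echo "no ipfw boot message with a divert status in $_dmesg"
        return 2
    fi
    if has_option "$_conf" IPDIVERT; then
        case $_boot in
        *"divert disabled"*)
            echo "MISMATCH: IPDIVERT configured, boot message says divert disabled"
            _rc=1 ;;
        esac
    fi
    # Rule 65535 is the compiled-in default; with DEFAULT_TO_ACCEPT it is an allow rule.
    if has_option "$_conf" IPFIREWALL_DEFAULT_TO_ACCEPT &&
       awk '$1 == 65535 && $4 == "deny" { hit = 1 } END { exit !hit }' "$_show"
    then
        echo "MISMATCH: IPFIREWALL_DEFAULT_TO_ACCEPT configured, rule 65535 is deny"
        _rc=1
    fi
    if [ "$_rc" -eq 0 ]; then echo "kernel config and running kernel agree"; fi
    return "$_rc"
}

# Constructed sample input; only "divert disabled" is wording taken from the message.
demo=$(mktemp -d)
printf 'options IPDIVERT\noptions IPFIREWALL\noptions IPFIREWALL_DEFAULT_TO_ACCEPT\n' > "$demo/KERNCONF"
echo 'ipfw2 initialized, divert disabled, default to deny' > "$demo/dmesg.boot"
echo '65535 2875 1377389 deny ip from any to any' > "$demo/ipfw.show"
ipfw_kernel_check "$demo/KERNCONF" "$demo/dmesg.boot" "$demo/ipfw.show" || true
rm -rf "$demo"
```

On a live system the three arguments would be the kernel configuration file, `/var/run/dmesg.boot`, and a file holding the output of `ipfw show`.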