Date: Wed, 24 Jan 2001 22:02:22 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Carlos Andrade <carlos@rjstech.com> Cc: ipfw@FreeBSD.ORG Subject: Re: ipfw problems with 4.2 upgrade Message-ID: <20010124220222.F10761@rfx-216-196-73-168.users.reflex> In-Reply-To: <001001c0861f$30c37d40$fadef9ce@rjstech.com>; from carlos@rjstech.com on Wed, Jan 24, 2001 at 09:03:28AM -0700 References: <20010123205455.W10761@rfx-216-196-73-168.users.reflex> <001001c0861f$30c37d40$fadef9ce@rjstech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 24, 2001 at 09:03:28AM -0700, Carlos Andrade wrote:
> > On Tue, Jan 23, 2001 at 12:58:59PM -0700, Carlos Andrade wrote:
> > > IPFIREWALL is set in my kernel, I re-built it thinking that was the
> > > problems. I still get the errors at start up :
> > >
> > > ipfw: getsockopt(I{_FW_ADD)): Protocol not available
> >
> > Show the dmesg(8).
> > --
> > Crist J. Clark cjclark@alum.mit.edu
>
> Okay, lots of info but here is the important stuff :
>
> IP packet filtering initialized, divert enabled, rule-based forwarding
> disabled (WHAT?), default to deny, logging limited to 50 packets/entries by
> default.
>
> Everything but the rule-based forwarding being disabled sounds right. Hmm
> this is a bad thing. No clue where to look other than rc.conf.
"rule-based forwarding disabled" just means you can't use 'fwd'
rules. That's not your problem though. Looking at rc.firewall would be
a good start for finding the problem. But first,
# ipfw show
# ipfw add 65000 pass ip from any to any
Try some ipfw(8) at the command line to see what you get. Run
rc.firewall in debug mode to see if you can find if there is one rule
causing problems,
# sh -x /etc/rc.firewall
DO NOT DO THIS FROM A NETWORK LOGIN.
--
Crist J. Clark cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010124220222.F10761>