Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 26 Oct 2004 22:11:33 -0500
From:      "Conrad J. Sabatier" <conrads@cox.net>
To:        Andre Oppermann <andre@freebsd.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: make buildkernel failed related to ip_divert module
Message-ID:  <20041026221133.68115de1@dolphin.local.net>
In-Reply-To: <417E4337.80804@freebsd.org>
References:  <417B128B.7080904@gddsn.org.cn> <20041024133045.40733f45@dolphin.local.net> <20041024144743.37fb5c69@dolphin.local.net> <417D5E51.2060100@freebsd.org> <20041025214401.31d63ee4@dolphin.local.net> <417E4337.80804@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 26 Oct 2004 14:29:43 +0200, Andre Oppermann <andre@freebsd.org>
wrote:

> Conrad J. Sabatier wrote:
> > On Mon, 25 Oct 2004 22:13:05 +0200, Andre Oppermann
> > <andre@freebsd.org> wrote:
> > 
> > 
> >>Conrad J. Sabatier wrote:
> >>
> >>>This problem is occurring with the following kernel options:
> >>>
> >>>options     IPDIVERT
> >>>options     IPFILTER
> >>>options     IPFILTER_LOG
> >>>
> >>>The only workaround at this time is adding "options IPFIREWALL".
> >>
> >>Yes, that is correct.
> >>
> >>IPDIVERT is a module now and you can dynamically load it just like
> >you>can load ipfw (options IPFIREWALL).
> >>
> >>IPDIVERT depends on ipfw being loaded or compiled into the kernel.
> >>
> >>I have done the last step of IPDIVERT's transition into a KLD a few
> >>minutes ago.  It will warn you now if you try to compile it into a
> >>kernel without IPFIREWALL as well.  As a module it will simply
> >>complain that ipfw needs to be loaded first.
> > 
> > Hmmm.  I'm confused now.  Up until a day or two ago, the kernel
> > would compile just fine without IPFIREWALL.  When did IPDIVERT come
> > to depend on IPFIREWALL, and why?
>  >
> > Or maybe I'm just *really* confused.  I thought I needed IPDIVERT
> > for ipnat to work, or am I mistaken?
> 
> Yes, you are confused. ;)  IPDIVERT is only required for NAT with ipfw
> (a.k.a. IPFIREWALL).
> 
> > What exactly do I need now to use ipf and ipnat?
> 
> ipf and ipnat.  Nothing else in the kernel.
> 
> -- 
> Andre

Ah, thanks! 

-- 
Conrad J. Sabatier <conrads@cox.net> -- "In Unix veritas"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041026221133.68115de1>