Date:      Sun, 2 Jul 2000 21:51:01 -0400
From:      Neill Robins <freebsd@nc.rr.com>
To:        Joel Eusebio <joel@tilapia.pang.pworld.net.ph>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: transparent proxy
Message-ID:  <671657707.20000702215101@nc.rr.com>
In-Reply-To: <Pine.LNX.3.95.1000703011803.9877A-100000@tilapia.pang.pworld.net.ph>
References:  <Pine.LNX.3.95.1000703011803.9877A-100000@tilapia.pang.pworld.net.ph>

Sunday, July 02, 2000, 9:32:39 PM, you wrote:
JE> Hi,
JE> I followed your instructions and I was successful in compiling a new
JE> kernel with IP_FIREWALL, IPFIREWALL_VERBOSE, IP_DIVERT and IP_FORWARD
JE> activated but when rebooted and tried to ping one of my servers it says
JE> "permission denied"  what did I do wrong??? Another is if I compiled a new
JE> kernel from my understanding the previous kernel will be named kernel.old
JE> how would I use this kernel.old in case my new kernel does not work.
JE> Thanks a lot.

JE> ------------------------>jOEl
 

JE> On Sun, 2 Jul 2000, Crist J. Clark wrote:

>> On Sun, Jul 02, 2000 at 01:34:32PM +0000, Joel Eusebio wrote:
>> > Hi All,
>> > Do I have to tweak the GENERIC kernel on /usr/src/sys to activate ipfw
>> 
>> No, you can just load the KLD.
>> 
>> > and
>> > what does LINT do???
>> 
>> It is not a working kernel. It just lists all (pretty close to all
>> anyway) of the things you could put into a kernel config file and has
>> some useful comments.
>> 
>> > If so what are the values that I have to add in the
>> > GENERIC kernel or in the LINT in order for ipfw or natd to work???
>> 
>> Go to the LINT kernel and search for IPFIREWALL. Also, see ipfw(8),
>> natd(8), and divert(4).
>> 
>> > BTW I'm
>> > setting up a transparent proxy on my 4.0-stable and I've posted this
>> > before and tried the suggestions that were given to me by some helpful
>> > people but still I can't make transparent proxy to run. Thanks again
>> 
>> Well, transparent proxies need more options to run, namely,
>> IPFIREWALL_FORWARD.
>> 
>> Copy GENERIC to some new file, the machine name is a popular choice,
>> add the lines you figure out you need, delete things that came from
>> GENERIC that you don't need, and build a new kernel.
>> -- 
>> Crist J. Clark                           cjclark@alum.mit.edu
>> 

Hello Joel,

1- To boot an old kernel, just type boot kernel.old at the boot prompt
(I believe you have to hit a key first...I am not currently at my
machine to make sure)
2- To ping, you need to enable ICMP which looks like this as one of my
IPFW rules in /etc/rc.firewall

# ICMP - for ping, etc
${fwcmd} add pass icmp from any to any

See www.freebsddiary.org and www.mostgraveconcern/freebsd/ along with
the handbook and manpages for more info.

This works for me.

Good luck,
Neill
freebsd@nc.rr.com
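
Added example, not part of the original message and not FreeBSD code: a simplified first-match model of how ipfw evaluates a packet. It shows why a kernel built with IPFIREWALL and no rules loaded refuses ping (the built-in last rule 65535 denies everything) and how the ICMP rule from the reply changes the outcome. The rule number 1000 and the narrower icmptypes variant are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

DEFAULT_RULE = 65535  # ipfw's fixed last rule; it cannot be deleted
ECHO_REPLY, UNREACH, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 5, 8, 11

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                                  # "pass" or "deny"
    proto: str                                   # "ip" matches every protocol
    icmptypes: Optional[FrozenSet[int]] = None   # None = any ICMP type

    def matches(self, proto: str, icmp_type: Optional[int]) -> bool:
        if self.proto not in ("ip", proto):
            return False
        if self.icmptypes is not None:
            return proto == "icmp" and icmp_type in self.icmptypes
        return True

def default_rule(default_to_accept: bool = False) -> Rule:
    # Without the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option, rule 65535
    # is "deny ip from any to any".
    return Rule(DEFAULT_RULE, "pass" if default_to_accept else "deny", "ip")

def evaluate(rules, proto, icmp_type=None):
    """Return (action, rule_number) of the first rule that matches."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, icmp_type):
            return rule.action, rule.number
    raise RuntimeError("unreachable: the default rule matches everything")

# New IPFIREWALL kernel, nothing loaded yet: only the default rule exists.
fresh = [default_rule()]
# The rule from the reply: "add pass icmp from any to any" (number constructed).
reply = fresh + [Rule(1000, "pass", "icmp")]
# Narrower variant using ipfw's icmptypes option (assumption, not from the thread).
narrow = fresh + [Rule(1000, "pass", "icmp",
                       frozenset({ECHO_REPLY, UNREACH, ECHO_REQUEST, TIME_EXCEEDED}))]

if __name__ == "__main__":
    for name, rules in (("fresh", fresh), ("reply", reply), ("narrow", narrow)):
        print(name, evaluate(rules, "icmp", ECHO_REQUEST),
              evaluate(rules, "icmp", REDIRECT))
```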