On Sun, 2002-08-18 at 06:20, Devon Stark wrote:
> Greetings!
> I am having a problem trying to get IPDIVERT to take..
> I have set up my kernel conf to include the following lines
>
> options IPFIREWALL
> options IPDIVERT
>
> I have the nic configured and running just fine, for both local LAN and for internet
> (both of my NICs are plugged into the same switch for now)
>
> My /etc/rc.conf has
> gateway_enable=""YES"
> firewall_enable="YES"
> natd_enable="YES"
>
> Every time I boot the server I get a message saying that IP Packet filtering is
> enabled, along with any other configuration I specified (logging and such), but
> divert is always set to disabled!?
> I have gone to the point of building the kernel with '-DIPDIVERT' and still getting
> the same results...
> The main effect of this problem is of course that I get an error when I try to apply
> the following rule to my firewall
>
> 'ipfw add divert natd all from any to any via fxp0'
> The error is...
>
> ip_fw_ctl: invalid command
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
>
> I have checked and natd is in the services list and seems to be configured properly.
>
> I have been searching for the answer for about 3 days now with little luck finding
> the answer.
>
> The only thing I can think of is that there is some other kernel option that I am
> enabling that is causing this problem, or perhaps that there is something that I am
> missing?
>
> I have included my config files here for review...
>
> Kernel config file (I stripped out all of the comments for the sake of this post)
>
> machine i386
> cpu I686_CPU
> ident THE-SERVER
> maxusers 256
> options MATH_EMULATE
> options INET
> options FFS
> options FFS_ROOT
> options SOFTUPDATES
> options UFS_DIRHASH
> options MFS
> options MD_ROOT
> options NFS
> options NFS_ROOT
> options MSDOSFS
> options CD9660
> options CD9660_ROOT
> options PROCFS
> options COMPAT_43
> options SCSI_DELAY=1000
> options UCONSOLE
> options USERCONFIG
> options VISUAL_USERCONFIG
> options KTRACE
> options SYSVSHM
> options SYSVMSG
> options SYSVSEM
> options P1003_1B
> options _KPOSIX_PRIORITY_SCHEDULING
> options ICMP_BANDLIM
> options KBD_INSTALL_CDEV
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_FORWARD
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=50
> options BRIDGE
> options IPSTEALTH
> options TCP_DROP_SYNFIN
> options SMP
> options APIC_IO
> device isa
> device eisa
> device pci
> device fdc0 at isa? port IO_FD1 irq 6 drq 2
> device fd0 at fdc0 drive 0
> device ata0 at isa? port IO_WD1 irq 14
> device ata1 at isa? port IO_WD2 irq 15
> device ata
> device atadisk
> device atapicd
> device atapifd
> options ATA_STATIC_ID
> device ahb
> device ahc
> device amd
> device isp
> device ncr
> device sym
> options SYM_SETUP_LP_PROBE_MAP=0x40
> device adv0 at isa?
> device adw
> device bt0 at isa?
> device aha0 at isa?
> device aic0 at isa?
> device scbus
> device da
> device sa
> device cd
> device pass
> device asr
> device atkbdc0 at isa? port IO_KBD
> device atkbd0 at atkbdc? irq 1 flags 0x1
> device psm0 at atkbdc? irq 12
> device vga0 at isa?
> pseudo-device splash
> device sc0 at isa? flags 0x100
> device npx0 at nexus? port IO_NPX irq 13
> device apm0 at nexus? disable flags 0x20
> device sio0 at isa? port IO_COM1 flags 0x10 irq 4
> device sio1 at isa? port IO_COM2 irq 3
> device ppc0 at isa? irq 7
> device ppbus
> device lpt
> device miibus
> device fxp
> pseudo-device loop
> pseudo-device ether
> pseudo-device pty
> pseudo-device md
> pseudo-device bpf
> device uhci
> device ohci
> device usb
> device ugen
> device uhid
> device ukbd
> device ulpt
> device umass
> device ums
> device uscanner
> device urio
> device aue
> device cue
> device kue
>
> Here is the /etc/rc.conf
>
> gateway_enable="YES"
> inetd_enable="YES"
> kern_securelevel_enable="NO"
> linux_enable="YES"
> moused_enable="NO"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> ifconfig_fxp0="DHCP"
> ifconfig_fxp1="inet 172.17.0.1 netmask 255.255.255.0"
> hostname="The-Server.KnightRaven.com"
> firewall_enable="YES"
> firewall_type="open"
> firewall_quiet="NO"
> natd_enable="YES"
> natd_flags="-f /etc/natd.conf"
> natd_interface="fxp0"
>
> Let me know if there are any other configuration files you need to look at...
>
> Any ideas or help is greatly appreciated!
>
> Thank you!
> Devon

Remove option IPFIREWALL_FORWARD and option BRIDGE from your kernel and recompile.

Josh