Hi! I'm trying to get ipfilter running on FreeBSD and GNU/Linux, but I face some
issues with it : I started with ipf version 3.4.20 under FreeBSD.4-4. When I wanted to redirect packets from xl0 to tun0, I got a bad checksum, what caused my packets to be dropped. Here is the rule : pass in quick on xl0 to tun0 proto icmp all tcpdump on xl0 show a valid packet, whether tcpdump on tun0 shows me a packet whith "bad checksum" Actually the IP id of the packet is changed, which may be normal, and the checksum is changed too, but why does it get wrong? I though it was a bug, which was corrected in the current version(v4.1.10), so I tried to install it, but I get now this error : anthony # ipf -V ipf: IP Filter: v4.1.10 (396) open device: Device not configured however, I have read the mailing list, and have done everything was told there : anthony # ll /dev/ip* crw------- 1 root wheel 79, 3 Mar 9 11:44 /dev/ipauth crw------- 1 root wheel 79, 0 Mar 9 11:44 /dev/ipl crw------- 1 root wheel 79, 1 Mar 9 11:44 /dev/ipnat crw------- 1 root wheel 79, 2 Mar 9 11:44 /dev/ipstate anthony # grep IPFILTER /usr/src/sys/i386/conf/GENERIC options IPFILTER options IPFILTER_LOG anthony # grep ipfilter /usr/src/sys/i386/conf/GENERIC pseudo-device ipfilter # IP filter (firewall) and NAT anthony # kldstat Id Refs Address Size Name 1 3 0xc0100000 3a03b0 kernel 2 1 0xce7f4000 15000 ipl.ko 3 1 0xce845000 12000 linux.ko Crist J. Clark told me that the ipl.ko module should not be loaded, as I build IPFilter into the kernel. But the module appears when I build the kernel, is it normal? I also tried to use IPFilter on Fedora3, by installing from the sources found on the web site, and even if I load the module (modprobe ipfilter), I get this error: fedora # ipf -V ipf: IP Filter: v4.1.10 (388) open device: Device not configured However the module is loaded : fedora # lsmod|grep ip ipfilter 169112 0 ipv6 232577 8 So I make the devices: mknod /dev/ipl c 79 0 mknod /dev/ipnat c 79 1 mknod /dev/ipstate c 79 2 mknod /dev/ipauth c 79 3 and I get this : fedora # ipf -V ipf: IP Filter: v4.1.10 (388) open device: No such device or address Any help for any of these problems? Regards Anthony ___________________________________________________________________________________ E-MAIL DISCLAIMER The present message may contain confidential and/or legally privileged information. If you are not the intended addressee and in case of a transmission error, please notify the sender immediately and destroy this E-mail. Disclosure, reproduction or distribution of this document and its possible attachments is strictly forbidden. SPACEBEL denies all liability for incomplete, improper, inaccurate, intercepted, (partly) destroyed, lost and/or belated transmission of the current information given that unencrypted electronic transmission cannot currently be guaranteed to be secure or error free. Upon request or in conformity with formal, contractual agreements, an originally signed hard copy will be sent to you to confirm the information contained in this E-mail. SPACEBEL denies all liability where E-mail is used for private use. SPACEBEL cannot be held responsible for possible viruses that might corrupt this message and/or your computer system. ____________________________________________________________________________________
