From: "David S. Jackson"
To: freebsd-questions@freebsd.org
Date: Wed, 14 Feb 2001 18:45:34 -0500
Subject: can't load ipfw: Operation not permitted
Message-ID: <20010214184534.A26426@sylvester.dsj.net>

I'm trying to make this host, 192.168.1.106, act as gateway for the rest of my home network. I'm using a 4.2 Release stock kernel on a 486 connecting to a DSL router and to my ISP. I can ping from the 486 to anywhere on the Net, but I can't ping from within my homenet past my 486. Likewise, I can ping my homenet hosts from the 486 (except for one, but that's another story). So, I think my problem is with making ipfw work.

I've already turned on ipforwarding (I hope) with

# sysctl -w net.inet.ip.forwarding=1

The error I get when I start /etc/startnet on my 486 DX2 with FBSD 4.2 (with stock kernel) is:

=====snip========
ep0: flags=8843 mtu 1500
        inet6 fe80::2a0:24ff:fe03:73cd%ep0 prefixlen 64 scopeid 0x1
        inet 192.168.1.106 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:a0:24:03:73:cd
        media: 10baseT/UTP
        supported media: 10base2/BNC 10baseT/UTP 10base5/AUI
ed1: flags=8843 mtu 1500
        inet6 fe80::250:baff:fe6f:c67d%ed1 prefixlen 64 scopeid 0x2
        inet 208.148.151.43 netmask 0xffffff00 broadcast 208.148.151.255
        ether 00:50:ba:6f:c6:7d
lo0: flags=8049 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
kldload: can't load ipfw: Operation not permitted
Warning: firewall kernel module failed to load.
Additional routing options: tcp extensions=NO IP gateway=YES TCP keepalive=YES.
routing daemons: routed.
routed: bind(rip_sock): Address already in use; giving up
=====snip=====

I've fixed up my rc.firewall file according to the handbook and included instructions. Relevant parts of my /etc/rc.conf file are:

===snip===
kern_securelevel="1"
kern_securelevel_enable="YES"
sendmail_enable="YES"
portmap_enable="NO"
nfs_server_enable="NO"
inetd_enable="YES"
gateway_enable="YES"
router_flags="-q"
router="routed"
router_enable="YES"
natd_enable="YES"       # Enable natd (if firewall_enable == YES).
natd_interface="ed1"    # Public interface or IPaddress to use.
natd_flags=""           # Additional flags for natd.
### Basic network and firewall/security options: ###
firewall_enable="YES"               # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
firewall_type="OPEN"                # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"                 # Set to YES to suppress rule display
firewall_logging="YES"              # Set to YES to enable events logging
firewall_flags=""                   # Flags passed to ipfw when type is a file
===snip===

My routing table is:

====snip====
Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            208.148.151.1      UGSc        2      152      ed1
127.0.0.1          127.0.0.1          UH          0        0      lo0
192.168.1          link#1             UC          0        0      ep0 =>
192.168.1.100      0:a0:24:bf:41:f4   UHLW        1     1723      ep0    467
192.168.1.105/32   0:40:5:e4:e8:42    ULS2c       0        7      ep0
208.148.151        link#2             UC          0        0      ed1 =>
208.148.151.1      link#2             UHLW        1    30707      ed1 =>
208.148.151.1      0:80:c8:ca:19:2b   UHLS2       0        0      ed1
====snip====

Sorry for the long post, but I wanted to give you too much info rather than too little. :-)

What am I missing?

Thanks in advance!

--
David S. Jackson                        dsj@dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I worked in a health food store once. A guy came in and asked me,
"If I melt dry ice, can I take a bath without getting wet?"
                -- Steven Wright