Date: Tue, 5 Apr 2011 17:30:00 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Sebastian Ramadan <seb@geekycode.net> Cc: freebsd-questions@freebsd.org Subject: Re: ipdivert.ko Message-ID: <20110405171357.A90530@sola.nimnet.asn.au> In-Reply-To: <20110405001255.3ECFC1065730@hub.freebsd.org> References: <20110405001255.3ECFC1065730@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In freebsd-questions Digest, Vol 357, Issue 3, Message: 8 On Tue, 5 Apr 2011 00:58:50 +0930 Sebastian Ramadan <seb@geekycode.net> wrote: > I wish to cause ipdivert.ko to load at boot time. Currently, ipfw.ko loads > correctly at boot time with ipfw_load="YES" in /boot/loader.conf, but > ipdivert.ko does not load at boot time with ipdivert_load="YES". I'm able to > load it using kldload, though. dmesg doesn't seem to be giving any clues as > to why ipdivert won't load... What am I doing wrong? > > Regards, Sebastian Ramadan. > My uname -a, /boot/loader.conf, kldstat and a successful load of ipdivert > using kldload after boot time: > domU-12-31-39-02-15-3A# uname -a > FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb > 21 20:13:46 UTC 2011 > root@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN > i386 > domU-12-31-39-02-15-3A# cat /boot/loader.conf > ipfw_load="YES" > ipdivert_load="YES" > domU-12-31-39-02-15-3A# kldstat > Id Refs Address Size Name > 1 8 0xc0000000 40000000 kernel > 2 1 0xc2bb3000 10000 ext2fs.ko > 3 1 0xc2d1f000 11000 ipfw.ko > 4 1 0xc2d30000 d000 libalias.ko Hmm, I'm a bit curious as to why libalias.ko was loaded. You don't have 'firewall_nat_enable="YES"' in rc.conf, do you? Anyway, loader.conf isn't the way to go for loading ipfw or ipdivert (presumably for use by natd?) these days. Instead you want these in /etc/rc.conf: ipfw_enable="YES" natd_enable="YES" plus any required ipfw_ and natd_ variables (see /etc/defaults/rc.conf) Then /etc/rc.d/ipfw will load ipfw.ko, and if natd_enable is set, will invoke /etc/rc.d/natd, which loads ipdivert.ko at the right time. > domU-12-31-39-02-15-3A# uname -a > FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb > 21 20:13:46 UTC 2011 > root@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN > i386 > domU-12-31-39-02-15-3A# kldload ipdivert > domU-12-31-39-02-15-3A# kldstat > Id Refs Address Size Name > 1 10 0xc0000000 40000000 kernel > 2 1 0xc2bb3000 10000 ext2fs.ko > 3 2 0xc2d1f000 11000 ipfw.ko > 4 1 0xc2d30000 d000 libalias.ko > 5 1 0xc3cc7000 4000 ipdivert.ko > > My dmesg: > domU-12-31-39-02-15-3A# dmesg > Copyright (c) 1992-2011 The FreeBSD Project. > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 > The Regents of the University of California. All rights reserved. > FreeBSD is a registered trademark of The FreeBSD Foundation. > FreeBSD 8.2-RELEASE #13: Mon Feb 21 20:13:46 UTC 2011 > root@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN i386 [..] > start_init: trying /sbin/init > ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based > forwarding disabled, default to deny, logging disabled > ipfw0: bpf attached There are a number of outstanding PRs regarding module loading by natd and (if used) firewall_nat, and the use of these by /etc/rc.firewall. If enabling natd in rc.conf instead doesn't fix your issue, write to me privately and I'll put you onto some patches - but unless you're also (or instead) using kernel NAT (ipfirewall_nat - which needs to load libalias.ko) then the above settings should do you. cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110405171357.A90530>