Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 1 Feb 2001 06:20:00 +0100
From:      Fenix <fenix@xs4some.net>
To:        Tim DeBoer <deboert@cornhusker.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Newbie fun with natd/ipfw
Message-ID:  <01020106200003.00362@xs4some.net>
In-Reply-To: <4.3.2.7.2.20010131212130.00a8a6c0@mail.cornhusker.net>
References:  <4.3.2.7.2.20010131212130.00a8a6c0@mail.cornhusker.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
You probably must reduce your kernel security level to be able to manipulate 
firewall rules
check /etc/rc.conf
On Thursday 01 February 2001 04:43, you wrote:
> Hi Everyone,
> I'm trying to get natd/ipfw to work properly.
> I did a custom kernel with the following options (Yes, it's using the new
> kernel)
> options         IPFIREWALL              # ipfw-firewall support
> options         IPFIREWALL_VERBOSE      # optional
> options         IPFIREWALL_FORWARD      # optional
> options         IPFIREWALL_VERBOSE_LIMIT=100    # limit verbosity
> options         IPDIVERT                # divert sockets (for natd)
>
> When I try to block all telnet traffic to this interface, I get...
> # ipfw add deny tcp from any to 192.168.0.1 23
> ipfw: getsockopt(IP_FW_ADD): Protocol not available
>
> IP_FW_ADD????
> I haven't seen that option anywhere in the docs, or am I not reading this
> correctly?
>
> Anyway, if I follow some advice from the archives; previous questions
> related to this...
> # kldload ipfw
> kldload: can't load ipfw: Operation not permitted
>
> If I try to see my current rule set (none, I know)
> # ipfw show
> ipfw: getsockopt(IP_FW_GET): Protocol not available
> Again, I haven't seen that option anywhere in the docs, am I still not
> reading this correctly?
>
> Can anyone point me in the right direction here?
>
> Thanks!
>
> Tim DeBoer
> http://www.snarfy.com
>
> It is by caffeine alone I set my mind in motion.
> It is by the beans of Java that thoughts acquire speed, the hands acquire
> shaking,
> the shaking becomes a warning.
> It is by caffeine alone I set my mind in motion.
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 

If you have to hate, hate gently ....


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01020106200003.00362>