Date:      Sat, 15 Jan 2005 21:53:16 -0200
From:      Juliao Braga - PegasusR <juliao@braga.eti.br>
To:        <freebsd-ipfw@freebsd.org>
Cc:        jatyr@funec.br
Subject:   ipfw: opcode 51 size 1 wrong
Message-ID:  <007a01c4fb5d$631c8400$c4f5fea9@ursa>
References:  <41E04D6B.3020801@mr0vka.eu.org> <20050111115411.V40364@gateway.posi.net>

Hi,

FreeBSD Release 5.3 doesn't recognize NAT. I searched the list and found
nothing about it. The response is: "ipfw: getsockopt(IP_FW_ADD): Invalid
argument" for the following divert rules:
...
inti="rl0"
...
# Nat
${cmd} 00300 divert natd all from 192.168.1.0/24 to any out via ${inti}
${cmd} 00310 divert natd all from any to 192.168.100.7 in via ${inti}
...

These are the other box parameters:

1. Kernel:

...
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT
options         IPSTEALTH
options         DUMMYNET
options         HZ=1000
...

2.  Nat (/usr/local/etc/rc.d):

#!/bin/sh
natd -interface rl0

3. # dmesg | egrep divert:

ipfw2 initialized, divert enabled, rule-based forwarding disabled, default
to accept, logging limited to 100 packets/entry by default

4. Last 2 lines of # dmesg:

ipfw: opcode 51 size 1 wrong
ipfw: opcode 51 size 1 wrong

5. # uname -a:

FreeBSD gustavo.funec.br 5.3-STABLE FreeBSD 5.3-STABLE #0: Thu Dec 16
19:10:55 BRST 2004     root@gustavo.funec.br:/usr/obj/usr/src/sys/GUSTAVO
i386

6. rc.conf:

defaultrouter="192.168.100.1"
gateway_enable="YES"
hostname="gustavo.funec.br"
#ifconfig_rl0="inet 192.168.100.7  netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1  netmask 255.255.255.0"
linux_enable="NO"
sshd_enable="YES"
sendmail_enable="NONE"
natd_enable="YES"                   # Enable NATD function
natd_interface="rl0"                # interface name of public Internet NIC
natd_flags="-dynamic -m"            # -m = preserve port numbers if possible

Thank you for any help!

Juliao
---
Rede PegasusR
http://www.redepegasus.com.br


