From: Matthew Seaman
To: Rohit Neupane
Cc: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Date: Sun, 18 May 2003 10:51:06 +0100
Subject: Re: Transproxy and ipfw
Message-ID: <20030518095106.GB14471@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <3EC723F7.9090001@wlink.com.np>

On Sun, May 18, 2003 at 11:56:03AM +0545, Rohit Neupane wrote:
> Hi,
> `ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80` returns ipfw:
> getsockopt(IP_FW_ADD): Invalid argument
>
> I'm running FreeBSD 4.6 with the default kernel. I guess
> IPFIREWALL_FORWARD option is enabled in kernel.
> Do I need to enable it in /etc/rc.conf? If so then how?

ipfw(8) is not enabled in the GENERIC kernel.  You've got two choices:

   i) build yourself a custom kernel with the appropriate options ---
      at least:

          options IPFIREWALL

      and probably such things as

          options IPFIREWALL_VERBOSE
          options IPFIREWALL_VERBOSE_LIMIT=128
          options IPDIVERT

      (IPDIVERT is needed if you're going to be using ipfw(8) and
      natd(8)) --- see /usr/src/sys/i386/conf/LINT for details of
      what's available.

  ii) Load the ipfw.ko kernel module into your kernel at boot time.

You can see which kernel modules you have loaded by:

    # kldstat

and you can load the ipfw module by:

    # kldload ipfw

However, in the specific case of ipfw(8), you can arrange for all
necessary kernel modules to be loaded at boot time by setting:

    firewall_enable="YES"

in /etc/rc.conf --- you'll need that even if you've compiled a kernel
with ipfw support built in.

    Cheers,

    Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK