Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Oct 2001 09:47:04 +0200
From:      "Patrick O'Reilly" <patrick@mip.co.za>
To:        "Diego" <diego@bcgames.com.br>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: problem with ip_fw_ctl!
Message-ID:  <NDBBIMKICMDGDMNOOCAIAEAGDMAA.patrick@mip.co.za>
In-Reply-To: <000001c15c46$b88562e0$b7ddbfc8@drean>

next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.

------=_NextPart_000_00C9_01C15C70.D698B870
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Diego,

Did you also add:
options         IPDIVERT
to your kernel config?

My kernel config for firewalls is usually like so:
options         IPFIREWALL                        #firewall
options         IPFIREWALL_VERBOSE      #print information about
options         IPFIREWALL_FORWARD     #enable transparent proxy support
options         IPDIVERT                            #divert sockets
options         DUMMYNET

See LINT.

Regards,
Patrick.
  -----Original Message-----
  From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Diego
  Sent: 24 October 2001 06:45
  To: freebsd-questions@FreeBSD.ORG
  Subject: problem with ip_fw_ctl!


  I need help i recompile my kernel with all options about FIREWALL...but
ipdivert and forward not work, send this message

  Oct 24 02:14:09 bcgames /kernel: ip_fw_ctl: invalid command

  My sysctl:
  kern.maxfiles: 32808
  kern.maxfilesperproc: 32808
  net.inet.ip.maxfragpackets: 4224
  kern.maxusers: 1024
  -> I find that he is correct


  I do not know more what to make!

  thank´s

  I wait reply



------=_NextPart_000_00C9_01C15C70.D698B870
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3103.1000" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D781544207-24102001>Diego,</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D781544207-24102001></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D781544207-24102001>Did=20
you also add:</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D781544207-24102001>options&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;=20
IPDIVERT</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D781544207-24102001>to=20
your kernel config?</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D781544207-24102001></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D781544207-24102001>My=20
kernel config for firewalls is usually like so:</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D781544207-24102001>options&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;=20
IPFIREWALL&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
#firewall<BR>options&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
IPFIREWALL_VERBOSE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #print information=20
about<BR>options&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
IPFIREWALL_FORWARD&nbsp;&nbsp;&nbsp;&nbsp; #enable transparent proxy=20
support<BR>options&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
IPDIVERT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #divert=20
sockets<BR>options&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
DUMMYNET<BR></SPAN></FONT></DIV><FONT color=3D#0000ff face=3DArial =
size=3D2><SPAN=20
class=3D781544207-24102001>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D781544207-24102001>See=20
LINT.</SPAN></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV>Regards,</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D781544207-24102001>Patrick.</DIV></SPAN></FONT>
<BLOCKQUOTE=20
style=3D"BORDER-LEFT: #0000ff 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: =
0px; PADDING-LEFT: 5px">
  <DIV align=3Dleft class=3DOutlookMessageHeader dir=3Dltr><FONT =
face=3DTahoma=20
  size=3D2>-----Original Message-----<BR><B>From:</B>=20
  owner-freebsd-questions@FreeBSD.ORG=20
  [mailto:owner-freebsd-questions@FreeBSD.ORG]<B>On Behalf Of=20
  </B>Diego<BR><B>Sent:</B> 24 October 2001 06:45<BR><B>To:</B>=20
  freebsd-questions@FreeBSD.ORG<BR><B>Subject:</B> problem with=20
  ip_fw_ctl!<BR><BR></DIV></FONT>
  <DIV><FONT face=3DArial size=3D2>I&nbsp;need help i recompile my =
kernel with all=20
  options about FIREWALL...but ipdivert and forward not work, send this=20
  message</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Oct 24 02:14:09 bcgames /kernel: =
ip_fw_ctl:=20
  invalid command</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>My sysctl:</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>kern.maxfiles: =
32808<BR>kern.maxfilesperproc:=20
  32808<BR>net.inet.ip.maxfragpackets: 4224</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>kern.maxusers: 1024</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>-&gt; I find that he is =
correct<BR></FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>I do not know more what to =
make!</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>thank=B4s</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2>I wait=20
reply<BR><BR></DIV></BLOCKQUOTE></FONT></BODY></HTML>

------=_NextPart_000_00C9_01C15C70.D698B870--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NDBBIMKICMDGDMNOOCAIAEAGDMAA.patrick>