Date:      Sun, 4 Nov 2001 21:41:48 +0100
From:      "pasca" <p_zoutendijk@hetnet.nl>
To:        "Jason Cribbins" <jasonc@concentric.net>
Cc:        <questions@freebsd.org>
Subject:   Re: Unable to get natd/ipfw to work properly
Message-ID:  <001b01c16571$338db7c0$0301a8c0@pascal>
References:  <Pine.BSF.4.21.0111032255140.10083-100000@cody.jharris.com> <001701c1656d$2f97c240$05d85c42@kibserv.org>

as far as I can see you forgot to include your firewall in your kernel...

add:
options  IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=20

to your kernel config file and recompile.

Regards,

Pascal Zoutendijk
TBWA \ IT

----- Original Message -----
From: "Jason Cribbins" <jasonc@concentric.net>
To: "Nick Rogness" <nick@rogness.net>
Cc: <questions@FreeBSD.ORG>
Sent: Sunday, November 04, 2001 9:13 PM
Subject: Re: Unable to get natd/ipfw to work properly


> I rebuilt the kernel using the directions found on
>
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
> using the "traditional" method since the "new" method wouldn't work
> correctly.
> I have confirmed the new kernel ident is displayed upon bootup.
>
> Now I am back to this again
> IP packet filtering initialized, divert disabled, rule-based forwarding
> disabled
> , default to deny, logging disabled
>
> and this as well.
> 7:58pm mail:~ # ipfw add divert natd all from any to any via lnc0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 7:58pm mail:~ #
>
> What am I missing here?
>
> Here are the config file that may apply:
> # - MYKERN - BEGIN - #
> machine         i386
> cpu             I586_CPU
> ident           COMPAQ-KERN
> maxusers        32
> #makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug
> symbols
> options         IPDIVERT                #Requited by natd
> options         MATH_EMULATE            #Support for x87 emulation
> options         INET                    #InterNETworking
> #options        INET6                   #IPv6 communications protocols
> options         FFS                     #Berkeley Fast Filesystem
> options         FFS_ROOT                #FFS usable as root device [keep
> this!]
> options         SOFTUPDATES             #Enable FFS soft updates support
> #options        MFS                     #Memory Filesystem
> #options        MD_ROOT                 #MD is a potential root device
> #options        NFS                     #Network Filesystem
> #options        NFS_ROOT                #NFS usable as root device, NFS
> required
> #options        MSDOSFS                 #MSDOS Filesystem
> #options        CD9660                  #ISO 9660 Filesystem
> #options        CD9660_ROOT             #CD-ROM usable as root, CD9660
> required
> options         PROCFS                  #Process filesystem
> options         COMPAT_43               #Compatible with BSD 4.3 [KEEP
> THIS!]
> options         SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
> options         UCONSOLE                #Allow users to grab the console
> options         USERCONFIG              #boot -c editor
> options         VISUAL_USERCONFIG       #visual boot -c editor
> options         KTRACE                  #ktrace(1) support
> #options        SYSVSHM                 #SYSV-style shared memory
> #options        SYSVMSG                 #SYSV-style message queues
> #options        SYSVSEM                 #SYSV-style semaphores
> options         P1003_1B                #Posix P1003_1B real-time
extensions
> options         _KPOSIX_PRIORITY_SCHEDULING
> options         ICMP_BANDLIM            #Rate limit bad replies
> options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
>
> # To make an SMP kernel, the next two are needed
> #options        SMP                     # Symmetric MultiProcessor Kernel
> #options        APIC_IO                 # Symmetric (APIC) I/O
> # - MYKERN - END - #
> The rest is devices and all devices for INET are working fine
>
> # - /etc/rc.conf - BEGIN - #
> # NAT Settings
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="lnc0"
> natd_flags="-f /etc/local/etc/natd.cf"
> firewall_enable="YES"
> firewall_type="OPEN"
> # - /etc/rc.conf - END - #
>
> # - /usr/local/etc/natd.cf - BEGIN - #
> log yes
> use_sockets no
> same_ports yes
> interface lnc0
> # - /usr/local/etc/natd.cf - END - #
>
> # - ifconfig - BEGIN - #
> lnc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 66.92.216.6 netmask 0xffffff00 broadcast 66.92.216.255
>         ether 00:80:5f:f4:10:42
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:02:2a:b0:6f:0e
>         media: autoselect (none) status: active
>         supported media: autoselect 100baseTX <full-duplex> 100baseTX
> 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
> # - ifconfig - END - #
>
> Unsure what else you may need?  Let me know.  I have one DSL line down and
> this is a temporary fix for what may be a long term outage.
>
> ----- Original Message -----
> From: "Nick Rogness" <nick@rogness.net>
> To: "Jason Cribbins" <jasonc@concentric.net>
> Cc: <questions@FreeBSD.ORG>
> Sent: Sunday, November 04, 2001 12:13 AM
> Subject: Re: Unable to get natd/ipfw to work properly
>
>
> > On Sat, 3 Nov 2001, Jason Cribbins wrote:
> >
> > > Can someone help me past this error I am getting when trying to use
> > > natd and ipfw
> >
> > > Nov 4 04:24:33 mail /kernel: IP packet filtering initialized,
> > >divert disabled, rule-based forwarding disabled, default to deny,
logging
> >  ^^^^^^^^^^^^^^^
> >
> > This is your problem, you need to build a kernel with:
> >
> > options IPDIVERT
> >
> >
> >
> > Nick Rogness <nick@rogness.net>
> >  - Keep on Routing in a Free World...
> >   "FreeBSD: The Power to Serve!"
> >
> >
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



