Date: Wed, 14 Feb 2001 18:45:34 -0500
From: "David S. Jackson" <dsj@sylvester.dsj.net>
To: freebsd-questions@freebsd.org
Subject: can't load ipfw: Operation not permitted
Message-ID: <20010214184534.A26426@sylvester.dsj.net>

I'm trying to make this host, 192.168.1.106, act as gateway for
the rest of my home network. I'm using a 4.2 Release stock
kernel on a 486 connecting to a DSL router and to my ISP. I can
ping from the 486 to anywhere on the Net, but I can't ping from
within my homenet past my 486. Likewise, I can ping my homenet
hosts from the 486 (except for one, but that's another story).
So, I think my problem is with making ipfw work. I've already
turned on ipforwarding (I hope) with
#sysctl -w net.inet.ip.forwarding=1
The error I get when I start /etc/startnet on my 486 DX2 with
FBSD 4.2 (with stock kernel) is:
=====snip========
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::2a0:24ff:fe03:73cd%ep0 prefixlen 64 scopeid 0x1
inet 192.168.1.106 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:a0:24:03:73:cd
media: 10baseT/UTP
supported media: 10base2/BNC 10baseT/UTP 10base5/AUI
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::250:baff:fe6f:c67d%ed1 prefixlen 64 scopeid 0x2
inet 208.148.151.43 netmask 0xffffff00 broadcast 208.148.151.255
ether 00:50:ba:6f:c6:7d
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
kldload: can't load ipfw: Operation not permitted
Warning: firewall kernel module failed to load.
Additional routing options: tcp extensions=NO IP gateway=YES TCP keepalive=YES.
routing daemons: routed.
routed: bind(rip_sock): Address already in use; giving up
=====snip=====
I've fixed up my rc.firewall file according to the handbook and
included instructions.
Relevant parts of my /etc/rc.conf file are:
===snip===
kern_securelevel="1"
kern_securelevel_enable="YES"
sendmail_enable="YES"
portmap_enable="NO"
nfs_server_enable="NO"
inetd_enable="YES"
gateway_enable="YES"
router_flags="-q"
router="routed"
router_enable="YES"
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="ed1" # Public interface or IPaddress to use.
natd_flags="" # Additional flags for natd.
### Basic network and firewall/security options: ###
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="OPEN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="YES" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
===snip===
My routing table is:
====snip====
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 208.148.151.1 UGSc 2 152 ed1
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.1 link#1 UC 0 0 ep0 =>
192.168.1.100 0:a0:24:bf:41:f4 UHLW 1 1723 ep0 467
192.168.1.105/32 0:40:5:e4:e8:42 ULS2c 0 7 ep0
208.148.151 link#2 UC 0 0 ed1 =>
208.148.151.1 link#2 UHLW 1 30707 ed1 =>
208.148.151.1 0:80:c8:ca:19:2b UHLS2 0 0 ed1
====snip====
Sorry for the long post, but I wanted to give you too much info
rather than too little. :-)
What am I missing?
Thanks in advance!
--
David S. Jackson dsj@dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I worked in a health food store once. A guy came in
and asked me, "If I melt dry ice, can I take a bath
without getting wet?" -- Steven Wright
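
Added example (not part of the original message or of FreeBSD's own scripts): init(8) documents that kernel modules may not be loaded or unloaded once the securelevel is 1 or higher, which is one condition under which kldload returns "Operation not permitted". The script below checks an rc.conf for that combination; the function names and the second argument (whether ipfw is compiled into the kernel) are hypothetical, and the sample file is constructed from the excerpt in the message.

```sh
#!/bin/sh
# Added example, not from the original post. Flags an rc.conf that enables a
# securelevel >= 1 while firewall_enable expects ipfw to be loaded as a module.

# rc_value FILE KEY: print the last value assigned to KEY (quotes/comments stripped).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: rc.conf treats YES case-insensitively.
is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# check_rc_conf FILE [yes|no]
# Second argument (assumption supplied by the caller): is ipfw compiled into
# the kernel? A stock kernel, as in the post, means "no".
# Returns 1 when a later kldload of ipfw would be refused, 0 otherwise.
check_rc_conf() {
    level=$(rc_value "$1" kern_securelevel)
    # Unset or non-numeric values are treated as -1 (securelevel not raised).
    case "$level" in ''|-|*[!0-9-]*|?*-*) level=-1 ;; esac
    if is_yes "$(rc_value "$1" firewall_enable)" &&
       is_yes "$(rc_value "$1" kern_securelevel_enable)" &&
       [ "$level" -ge 1 ] && [ "${2:-no}" != "yes" ]; then
        echo "conflict: securelevel $level blocks kldload ipfw once raised"
        return 1
    fi
    echo "ok: no securelevel/module conflict found"
    return 0
}

# Constructed sample mirroring the rc.conf excerpt in the message.
sample=$(mktemp)
cat > "$sample" <<'EOF'
kern_securelevel="1"
kern_securelevel_enable="YES"
gateway_enable="YES"
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_type="OPEN"
EOF
check_rc_conf "$sample" no || true
rm -f "$sample"
```

On a running host, `sysctl kern.securelevel` shows the level currently in force, which is what decides whether a module load is accepted at that moment.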
