From owner-freebsd-hackers Wed Sep 3 06:44:26 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id GAA12708 for hackers-outgoing; Wed, 3 Sep 1997 06:44:26 -0700 (PDT)
Received: from gwydion.hns.st-louis.mo.us (gwydion.hns.st-louis.mo.us [199.217.245.240]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id GAA12700 for ; Wed, 3 Sep 1997 06:44:20 -0700 (PDT)
Received: (from kenth@localhost) by gwydion.hns.st-louis.mo.us (8.8.6/8.8.4) id IAA25280 for freebsd-hackers@freebsd.org; Wed, 3 Sep 1997 08:43:10 -0500 (CDT)
From: Kent Hamilton
Message-Id: <199709031343.IAA25280@gwydion.hns.st-louis.mo.us>
Subject: ipfw problem in 2.2.2
To: freebsd-hackers@freebsd.org
Date: Wed, 3 Sep 1997 08:43:10 -0500 (CDT)
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hmmm, I thought I sent this last night but I never saw it anywhere so
I'll try again....

I'm trying to use ipfw for the first time, and I've done the following:

1. Rebuild the kernel with:
        options IPFIREWALL
        options IPFIREWALL_VERBOSE
        options IPDIVERT
        options "IPFIREWALL_VERBOSE_LIMIT=50"
2. Changed rc.conf to firewall="simple"
3. Heavily modified rc.firewall
4. Reboot the box.

As soon as I try to load rules I get this:

/sbin/ipfw add 100 divert natd all from any to any via vx0
00100 ... rule here
ip_fw_ctl: neither in or out
[IP_FW_CTL] Invalid Argument

(I may have the syntax of the second error line wrong since I'm doing it
from memory and I don't have root access to the machine remotely to test
it.)

Can someone please tell me what I have wrong? I get the same error no
matter what rule I try to add.

The configuration of the machine is:

Pentium 166 w/32MB RAM
FreeBSD-2.2.2
3 3Com XL cards
    vx0 - External Interface
          Class C address with subnet of 255.255.255.192
    vx1 - DMZ Interface
          Class C address with subnet of 255.255.255.192
    vx2 - Internal Interface
          using 172.16 internal addresses.

Suggestions on my stupid mistake happily accepted since I need this box
up asap....

--
Kent Hamilton           Play: KentH@HNS.St-Louis.MO.US
NIC Handle: KH91        URL: http://www2.hunter.com/~skh/
Blessed Be....          Work: KHamilton@Hunter.COM