Date:      Thu, 18 Nov 2010 23:58:20 +0200
From:      Mykola Dzham <i@levsha.me>
To:        freebsd-rc@FreeBSD.org
Subject:   rc.d/natd loads ipdivert.ko too late
Message-ID:  <20101118215820.GA4531@laptop.levsha.me>

Currently, starting natd has been moved to a separate script, rc.d/natd. In
this script, ipdivert is set in required_modules. But rc.d/natd is called
from rc.firewall after loading the firewall rules.
As a result, when there is no ipdivert in the kernel, firewall_type is OPEN
or CLIENT, and natd_enable is set to yes, rc.firewall attempts to add the rule
    ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface}
and the error
    ipfw: getsockopt(IP_FW_ADD): Invalid argument
occurs.

I think the correct solution is to add natd_enable checking into the ipfw
prestart function (patch attached). Is this correct?

-- 
LEFT-(UANIC|RIPE)
JID: levsha@jabber.net.ua
PGP fingerprint: 1BCD 7C80 2E04 7282 C944  B0E0 7E67 619E 4E72 9280
