Date:      Tue, 24 May 2005 13:54:45 +0200
From:      Joost Bekkers <joost@jodocus.org>
To:        Chris Knipe <savage@savage.za.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipf + ipfw + divert = no go
Message-ID:  <20050524115445.GA67204@bps.jodocus.org>
In-Reply-To: <20050524113858.GA38897@savage.za.org>
References:  <20050524105605.GA37881@savage.za.org> <20050524113858.GA38897@savage.za.org>

On Tue, May 24, 2005 at 01:38:58PM +0200, Chris Knipe wrote:
> On Tue, May 24, 2005 at 12:56:06PM +0200, Chris Knipe wrote:
> > Hi,
> > 
> > Quick question...
> > 
> > dmesg:
> > IP Filter: v3.4.35 initialized.  Default = pass all, Logging = enabled
> > ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 1024 packets/entry by default
> > 
> > 
> > shell:
> > bash-2.05b# ipfw add 50 fwd 192.168.0.237,3306 tcp from any to x.x.56.178 dst-port 3306
> > ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> > bash-2.05b# whoami
> > root
> > bash-2.05b#
> > 
> > What gives?????  FreeBSD 5.4-STABLE
> 
> 
> bash-2.05b# ipfw add 50 fwd 1.1.1.1,1 tcp from 1.1.1.1 to 1.1.1.1 dst-port 1
> ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> bash-2.05b# ipfw  add 50 allow ip from me to any
> ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> bash-2.05b#

At what securelevel are you running?

You can use 'sysctl kern.securelevel' to check.

-- 
greetz Joost
joost@jodocus.org
