Date: Sat, 24 May 2003 20:53:44 +0300 From: Ruslan Ermilov <ru@freebsd.org> To: Jason Dambrosio <jason@wiz.cx> Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw2 broken in -current? Message-ID: <20030524175344.GB42456@sunbay.com> In-Reply-To: <4156.24.165.50.248.1053753630.squirrel@webmail.tekgenesis.net> References: <4156.24.165.50.248.1053753630.squirrel@webmail.tekgenesis.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--DBIVS5p969aUjpLe Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 23, 2003 at 10:20:30PM -0700, Jason Dambrosio wrote: > # ipfw show > 65535 2875 1377389 deny ip from any to any > # ping lava.net > PING lava.net (64.65.64.17): 56 data bytes > 64 bytes from 64.65.64.17: icmp_seq=3D0 ttl=3D242 time=3D58.529 ms > # ipfw add 100 divert natd ip from any to any via bge0 > ipfw: getsockopt(IP_FW_ADD): Invalid argument > ipfw: opcode 50 size 1 wrong > # uname -a > FreeBSD test-server 5.1-BETA FreeBSD 5.1-BETA #12: Fri May 23 18:11:41 HS= T 2003 >=20 > I have: >=20 > options IPDIVERT > options IPSTEALTH > options IPFIREWALL > options IPFIREWALL_FORWARD > options IPFIREWALL_VERBOSE > options IPFIREWALL_VERBOSE_LIMIT=3D0 > options IPFIREWALL_DEFAULT_TO_ACCEPT >=20 > and >=20 > sysctl net.inet.ip.forwarding=3D1 > sysctl net.inet.ip.fastforwarding=3D1 > sysctl net.inet.ip.stealth=3D1 >=20 grep ipfw /var/run/dmesg.boot, if it says "divert disabled" it means that you forgot to recompile/reinstall your kernel properly with the "options IPDIVERT". Cheers, --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --DBIVS5p969aUjpLe Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+z7GoUkv4P6juNwoRAkkwAJ99hOXKKvFBA77KVguW41IMcIcv9ACbBrhl xbW/+kvzJnByGEqQL2k9vBA= =PH0F -----END PGP SIGNATURE----- --DBIVS5p969aUjpLe--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030524175344.GB42456>