Hi all

An IPFW problem when going from release to stable on 8.2

Any help gladly accepted

LOG ON

Flushed all rules.
00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00030 divert 8668 ip from any to any via bge0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
50000 allow ip from any to any
Firewall rules loaded.
Starting natd.

rc.conf

defaultrouter="192.168.0.1"
gateway_enable="YES"
hostname="xxx.xxx.xxx"
ifconfig_bge0="inet 192.168.0.11 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.1.2 netmask 255.255.255.0"
keymap="us.iso"
moused_enable="YES"
sshd_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="bge0"
natd_flags="-f /etc/natd.conf"
dhcpd_enable="NO"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="em0"
dhcpd_withumask="022"

natd.conf

interface bge0
use_sockets yes
same_ports yes
log
#redirect_port tcp 192.168.1.189:3389 3389
#redirect_port tcp 192.168.1.53:5500 5500

#!/bin/sh
/sbin/ipfw -f flush
/sbin/ipfw -f pipe flush
#Nat Rules
/sbin/ipfw add 10 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
/sbin/ipfw add 30 divert natd all from any to any via bge0
#Forward to Transparent Proxy Server
#/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80
#/sbin/ipfw add 10010 fwd 127.0.0.1,3128 tcp from 10.0.21.2 to any 80
/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80
/sbin/ipfw add 50000 allow ip from any to any

KERNEL

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=5
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET

Regards
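`ipfw add` echoes each rule the kernel accepts, so comparing the rule numbers the firewall script tries to add with the numbers echoed in the boot log shows which rule drew the `Invalid argument` error. This is an added example, not part of the original post; the script and log text are copied from the post above as sample input, and the function names are assumptions.

```shell
#!/bin/sh
# Sample inputs: the firewall script and boot log as quoted in the post.
RULES_SCRIPT='/sbin/ipfw -f flush
/sbin/ipfw -f pipe flush
/sbin/ipfw add 10 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
/sbin/ipfw add 30 divert natd all from any to any via bge0
#/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80
#/sbin/ipfw add 10010 fwd 127.0.0.1,3128 tcp from 10.0.21.2 to any 80
/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80
/sbin/ipfw add 50000 allow ip from any to any'

BOOT_LOG='Flushed all rules.
00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00030 divert 8668 ip from any to any via bge0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
50000 allow ip from any to any
Firewall rules loaded.'

# Rule numbers the script tries to add (commented-out lines are skipped).
attempted_rules() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i ~ /ipfw$/ && $(i+1) == "add" && $(i+2) ~ /^[0-9]+$/)
                  print $(i+2) + 0 }'
}

# Rule numbers ipfw echoed back, i.e. rules the kernel accepted.
# ipfw prints them zero-padded to five digits at the start of the line.
loaded_rules() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^[0-9]+$/ && length($1) == 5 { print $1 + 0 }'
}

# Attempted rules that never appear in the log: the ones that were rejected.
rejected_rules() {
    loaded=$(loaded_rules "$2")
    for n in $(attempted_rules "$1"); do
        printf '%s\n' "$loaded" | grep -qx "$n" || printf '%s\n' "$n"
    done
}

rejected_rules "$RULES_SCRIPT" "$BOOT_LOG"
```
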
Might be an ipv6 issue. Try divert ipv4 not ip.

--
Michael Scheidell
CTO SECNAP Network Security
561-948-2259

-----Original message-----
From: Dave Johnson <ctfreebsd@gmail.com>
To: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Sent: Sun, Mar 6, 2011 14:56:12 GMT+00:00
Subject: Kernel Update / IPFW not working

Hi all

An IPFW problem when going from release to stable on 8.2

Any help gladly accepted

LOG ON

Flushed all rules.
00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00030 divert 8668 ip from any to any via bge0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
50000 allow ip from any to any
Firewall rules loaded.
Starting natd.

rc.conf

defaultrouter="192.168.0.1"
gateway_enable="YES"
hostname="xxx.xxx.xxx"
ifconfig_bge0="inet 192.168.0.11 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.1.2 netmask 255.255.255.0"
keymap="us.iso"
moused_enable="YES"
sshd_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="bge0"
natd_flags="-f /etc/natd.conf"
dhcpd_enable="NO"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="em0"
dhcpd_withumask="022"

natd.conf

interface bge0
use_sockets yes
same_ports yes
log
#redirect_port tcp 192.168.1.189:3389 3389
#redirect_port tcp 192.168.1.53:5500 5500

#!/bin/sh
/sbin/ipfw -f flush
/sbin/ipfw -f pipe flush
#Nat Rules
/sbin/ipfw add 10 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
/sbin/ipfw add 30 divert natd all from any to any via bge0
#Forward to Transparent Proxy Server
#/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80
#/sbin/ipfw add 10010 fwd 127.0.0.1,3128 tcp from 10.0.21.2 to any 80
/sbin/ipfw add 10001 fwd 127.0.0.1,3128 tcp from any to any 80
/sbin/ipfw add 50000 allow ip from any to any

KERNEL

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=5
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET

Regards
On 06/03/2011 14:23, Dave Johnson wrote:
> An IPFW problem when going from release to stable on 8.2
>
> Any help gladly accepted
>
> LOG ON
>
> Flushed all rules.
> 00010 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
> 00030 divert 8668 ip from any to any via bge0
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 50000 allow ip from any to any
> Firewall rules loaded.
> Starting natd.
>
> rc.conf
> defaultrouter="192.168.0.1"
> gateway_enable="YES"
> hostname="xxx.xxx.xxx"
> ifconfig_bge0="inet 192.168.0.11 netmask 255.255.255.0"
> ifconfig_em0="inet 192.168.1.2 netmask 255.255.255.0"
> keymap="us.iso"
> moused_enable="YES"
> sshd_enable="YES"
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> natd_program="/sbin/natd"
> natd_enable="YES"
> natd_interface="bge0"
> natd_flags="-f /etc/natd.conf"
> dhcpd_enable="NO"
> dhcpd_flags="-q"
> dhcpd_conf="/usr/local/etc/dhcpd.conf"
> dhcpd_ifaces="em0"
> dhcpd_withumask="022"
>
> ... [additional config which doesn't further isolate the problem snipped] ...

It's a bug with the ipfw / natd startup scripts. See:

http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/148137
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/148928
http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/153155

The latter has a patch to fix the problem.