
IPFW troubles on 3.4-R


ad...@mindspring.com

Dec 30, 1999, 3:00:00 AM
I'm having some trouble getting rc.firewall (et al) to play nice.
Here's the last few lines of dmesg:

changing root device to wd0s1a
IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled
ip_fw_ctl: invalid command

uname -a gives (no surprises):
FreeBSD myhost.mydom.org 3.4-RELEASE FreeBSD 3.4-RELEASE #0: Mon Dec 20 06:54:39 GMT 1999 j...@time.cdrom.com:/usr/src/sys/compile/GENERIC i386

The result is that with rc.firewall configured to simple or client, no traffic makes it out of the (natd) internal net (or console) into the world. Pings fail on permission. (I understand this is because of the default deny in the kernel, which is a good thing...) With it on 'open', natd, ppp, and everyone else do fine (mozilla even on a client box).

I just need to know if there is something hinky going on with this build (3.4-Release) or what I'm doing that is so moronic..

I will be a bit more forthcoming about configuration specifics if need be.

TIA,
ad...@adric.com

"Where is it written that quiet reflection can't be combined with cake and silly hats?" --Xander,BtVS


To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Gene Harris

Dec 30, 1999, 3:00:00 AM

On Thu, 30 Dec 1999 ad...@mindspring.com wrote:

> I'm having some trouble getting rc.firewall (et al) to play nice.
> Here's the last few lines of dmesg:
>

Can you execute your firewall script from the command
prompt? su to root and then try ./rc.firewall. It should
execute just like it did before the upgrade.

> changing root device to wd0s1a
> IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled
> ip_fw_ctl: invalid command
>

What the heck is ip_fw_ctl? I use ipfw on my machine. Has
your rc.firewall script become corrupted?

You should be able to enter some manual commands from your
firewall script to verify that your system is forwarding
packets and filtering properly.

If you enter "ipfw -f flush; ipfw add pass all from any to any via fxp0"
or whatever your network card is, your network should open
up and act ok. This would indicate you have a syntax error
in your script.

Gene Harris

Pete Young

Dec 30, 1999, 3:00:00 AM
> I'm having some trouble getting rc.firewall (et al) to play nice.
> Here's the last few lines of dmesg:
>
> changing root device to wd0s1a
> IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled
> ip_fw_ctl: invalid command

You need to compile a new kernel with

option IPFIREWALL
option IPDIVERT
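
The boot banner quoted in this thread already says which ipfw features the running kernel was built without. The following is an added example, not part of any post above: a small sh function that maps that banner to the missing kernel options. The function names are hypothetical, and the mapping to IPFIREWALL_FORWARD and IPFIREWALL_VERBOSE is an assumption based on the FreeBSD 3.x option names; only IPFIREWALL and IPDIVERT are named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): read the ipfw boot banner and list
# the kernel options that were left out of the build.

# Constructed sample: the banner line as quoted in the thread.
SAMPLE_BANNER='IP packet filtering initialized, divert disabled, rule-based forwarding disabled, logging disabled'

# Print the kernel options whose feature the banner reports as disabled.
# Prints IPFIREWALL alone when the banner is absent (ipfw not initialized).
ipfw_missing_options() {
    banner=$1
    missing=''
    case $banner in
        *'IP packet filtering initialized'*) ;;
        *) echo 'IPFIREWALL'; return 0 ;;
    esac
    case $banner in
        *'divert disabled'*) missing="$missing IPDIVERT" ;;
    esac
    case $banner in
        *'rule-based forwarding disabled'*) missing="$missing IPFIREWALL_FORWARD" ;;
    esac
    case $banner in
        *'logging disabled'*) missing="$missing IPFIREWALL_VERBOSE" ;;
    esac
    # Strip the leading space left by the appends.
    echo "${missing# }"
}

# natd receives packets through a divert socket, so it cannot work on a
# kernel that lacks IPDIVERT (or lacks ipfw altogether).
natd_possible() {
    case " $(ipfw_missing_options "$1") " in
        *' IPDIVERT '*|*' IPFIREWALL '*) return 1 ;;
        *) return 0 ;;
    esac
}

ipfw_missing_options "$SAMPLE_BANNER"
```

On a live system the input would be the matching line from `dmesg`; with logging disabled, denied packets are not written to the log, which makes a default-deny ruleset harder to debug.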
