Hi.

I don't know what I'am doing wrong but I can't enable NAT at startup, every reboot shows error: ipfw: getsockopt(IP_FW_ADD): Invalid argument
at the divert line yet I can add the rule once the system has started

in rc.conf I have:

firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="re0"

kldstat:

Id Refs Address Size Name
1 17 0xc0400000 bb5384 kernel
2 2 0xc605b000 11000 ipfw.ko
3 1 0xc606c000 d000 libalias.ko
4 1 0xc6119000 4000 ipdivert.ko
5 1 0xc62e8000 2000 wlan_xauth.ko
6 1 0xc6371000 68000 radeon.ko
7 1 0xc63d9000 14000 drm.ko


and dmesg | grep divert

ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding disabled, default to deny, logging disabled

We're you ever able to resolve this as I have the EXACT same issue. This config worked for a while too but somewhere in upgrading to the latest FreeBSD it got broken.

Thanks!
Rusty Nejdl

This might be a problem if the NAT module hasn't been loaded when ipfw is initializing.

Try setting ipdivert_load="YES" in /boot/loader.conf

Load the ipfw_nat.ko kernel module and use in-kernel NAT.


kldload ipfw_nat
ipfw nat 1 config if re0
ipfw add nat 1 ip4 from any to any via re0

That's what I ended up doing for the ipnat stuff was simply to compile it into the kernel instead of as kernel modules as something is messed up on that as most of my kernel modules just don't load, without any error. NVIDIA, AIO, HTTP_*, VIRTUALBOX, they are just plain skipped.