Hello,
I am using ipfw + natd for my firewall. For the longest time, there has been one obstacle that I have done a manual workaround for:
When the firewall is booted, the rule for natd isn't working; I get an error message instead. Relevant output (transcribed, as it doesn't get logged anywhere I could find):
Code:
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
ipfw: getsockopt(IP_FW_ADD): Invalid argument
01100 deny ip from 10.1.0.0/16 to any via xl0
and here are the corresponding ipfw commands from my firewall script:
Code:
${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136
${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface}
iif="rl0"
inet="10.1.0.0"
imask="255.255.0.0"
iip="10.1.10.1"
# --- rules ---
# no spoofing, please
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
From the console output, I can see that natd is started after ipfw is loaded:
Code:
Firewall rules loaded.
Firewall logging enabled.
Starting natd.
The point is that if I manually run my firewall script after the firewall has been booted, everything works.
Is this because natd is started after ipfw, or am I missing something?
I am currently using FreeBSD 8.1-stable:
Code:
root@kg-omni1# uname -a
FreeBSD kg-omni1.kg4.no 8.1-STABLE FreeBSD 8.1-STABLE #0: Sun Oct 17 12:35:38 CEST 2010     root@kg-i82.kg4.no:/usr/obj/usr/src/sys/GENERIC  i386
but this problem has existed as far back as I can remember. I had to rework my firewall today (new ISP), which is why I remembered it.