IPFW and nat problem

Hi.

I don't know what I'm doing wrong, but I can't enable NAT at startup; every reboot shows the error:
Code:
ipfw: getsockopt(IP_FW_ADD): Invalid argument
at the divert line, yet I can add the rule once the system has started.

In rc.conf I have:

Code:
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="re0"

kldstat:

Code:
Id Refs Address    Size     Name
 1   17 0xc0400000 bb5384   kernel
 2    2 0xc605b000 11000    ipfw.ko
 3    1 0xc606c000 d000     libalias.ko
 4    1 0xc6119000 4000     ipdivert.ko
 5    1 0xc62e8000 2000     wlan_xauth.ko
 6    1 0xc6371000 68000    radeon.ko
 7    1 0xc63d9000 14000    drm.ko

and dmesg | grep divert:

Code:
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding disabled, default to deny, logging disabled
 
Same NAT issue

Were you ever able to resolve this, as I have the EXACT same issue? This config worked for a while too, but somewhere in upgrading to the latest FreeBSD it got broken.

Thanks!
Rusty Nejdl
 
This might be a problem if the NAT module hasn't been loaded when ipfw is initializing.

Try setting ipdivert_load="YES" in /boot/loader.conf
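
Added example, not part of any post in this thread: an sh preflight for the suggestion above, checking before a reboot that a natd setup in rc.conf is backed by an ipdivert_load entry in loader.conf, plus a check of kldstat output after boot. It assumes IPDIVERT is built as a module rather than compiled into the kernel; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption: divert support is a
# loadable module (ipdivert.ko), not compiled into the kernel.

# rc.conf as posted in the thread, used here as sample input.
sample_rc_conf() {
    cat <<'EOF'
firewall_enable="YES"
firewall_type="OPEN"
gateway_enable="YES"
natd_enable="YES"
natd_interface="re0"
EOF
}

# conf_value FILE KEY: print the last value assigned to KEY, quotes stripped.
# Commented-out assignments are ignored; a missing file yields no output.
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=[\"']*\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: same truthy spellings that rc.conf accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# module_loaded NAME: read kldstat output on stdin; succeed if NAME.ko is listed.
module_loaded() {
    awk -v m="$1.ko" '$NF == m { found = 1 } END { exit !found }'
}

# natd_preflight RC_CONF LOADER_CONF: print one finding per line and return 1
# if natd is enabled but the divert module would not be preloaded at boot.
natd_preflight() {
    bad=0
    is_yes "$(conf_value "$1" natd_enable)" || return 0   # natd not in use
    if [ -z "$(conf_value "$1" natd_interface)" ]; then
        echo "natd_interface is not set in $1"; bad=1
    fi
    if ! is_yes "$(conf_value "$2" ipdivert_load)"; then
        echo "ipdivert_load=\"YES\" is missing from $2"; bad=1
    fi
    return $bad
}

# On a FreeBSD host: sh thisfile /etc/rc.conf /boot/loader.conf
if [ $# -eq 2 ]; then natd_preflight "$1" "$2"; fi
```

After the reboot, `kldstat | module_loaded ipdivert` confirms the module is actually present.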
 
Load the ipfw_nat.ko kernel module and use in-kernel NAT.

Code:
kldload ipfw_nat
ipfw nat 1 config if re0
ipfw add nat 1 ip4 from any to any via re0
 
What I ended up doing for the ipnat stuff was simply to compile it into the kernel instead of as kernel modules, as something is messed up there: most of my kernel modules just don't load, without any error. NVIDIA, AIO, HTTP_*, VIRTUALBOX, they are just plain skipped.
 