ipf + ipfw + divert = no go
Chris Knipe
savage at savage.za.org
Tue May 24 04:57:40 PDT 2005
On Tue, May 24, 2005 at 01:54:45PM +0200, Joost Bekkers wrote:
> On Tue, May 24, 2005 at 01:38:58PM +0200, Chris Knipe wrote:
> > On Tue, May 24, 2005 at 12:56:06PM +0200, Chris Knipe wrote:
> > > Hi,
> > >
> > > Quick question...
> > >
> > > dmesg:
> > > IP Filter: v3.4.35 initialized. Default = pass all, Logging = enabled
> > > ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 1024 packets/entry by default
> > >
> > >
> > > shell:
> > > bash-2.05b# ipfw add 50 fwd 192.168.0.237,3306 tcp from any to x.x.56.178 dst-port 3306
> > > ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> > > bash-2.05b# whoami
> > > root
> > > bash-2.05b#
> > >
> > > What gives????? FreeBSD 5.4-STABLE
> >
> >
> > bash-2.05b# ipfw add 50 fwd 1.1.1.1,1 tcp from 1.1.1.1 to 1.1.1.1 dst-port 1
> > ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> > bash-2.05b# ipfw add 50 allow ip from me to any
> > ipfw: getsockopt(IP_FW_ADD): Operation not permitted
> > bash-2.05b#
>
> At what securelevel are you running?
Slap me with a rotten trout! Thank you very much... Was level 3 which is
obviously too high :) It's meant to be level 2.
Thanks a lot!
--
Chris.
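
Added example, not part of the original thread: a small sh wrapper that checks `kern.securelevel` before calling `ipfw`, so the "Operation not permitted" seen above is reported as a securelevel problem. Per security(7), packet filter rules cannot be changed at securelevel 3. The function names, the `SECURELEVEL_OVERRIDE` variable and the return codes 77/78 are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: explain an ipfw EPERM by checking kern.securelevel first.

# Print the running securelevel. SECURELEVEL_OVERRIDE is a hypothetical
# variable used only to exercise the logic away from a FreeBSD host.
current_securelevel() {
    if [ -n "${SECURELEVEL_OVERRIDE+set}" ]; then
        printf '%s\n' "$SECURELEVEL_OVERRIDE"
    else
        sysctl -n kern.securelevel 2>/dev/null
    fi
}

# Return 0 if firewall rules may be changed at level $1, 1 if they are
# frozen (securelevel 3 or higher), 2 if $1 is not an integer.
rules_mutable() {
    n=${1#-}                                  # allow a leading minus (-1)
    case "$n" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$1" -lt 3 ]
}

# Run an ipfw command only when the securelevel allows rule changes.
# Return codes 77 and 78 are arbitrary values chosen for this example.
safe_ipfw() {
    level=$(current_securelevel) || level=
    rules_mutable "$level" && rc=0 || rc=$?
    case "$rc" in
        0)  ipfw "$@" ;;
        1)  echo "kern.securelevel=$level: firewall rules are read-only." >&2
            echo "Set kern_securelevel in /etc/rc.conf to 2 or lower and reboot." >&2
            return 77 ;;
        *)  echo "could not read kern.securelevel" >&2
            return 78 ;;
    esac
}
```

The securelevel can only be raised on a running system, so lowering it from 3 to 2 takes an rc.conf change and a reboot rather than a `sysctl` write.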
More information about the freebsd-questions mailing list