ipdivert.ko

Ian Smith smithi at nimnet.asn.au
Tue Apr 5 07:30:04 UTC 2011 

In freebsd-questions Digest, Vol 357, Issue 3, Message: 8
On Tue, 5 Apr 2011 00:58:50 +0930 Sebastian Ramadan <seb at geekycode.net> wrote:

 > I wish to cause ipdivert.ko to load at boot time. Currently, ipfw.ko loads
 > correctly at boot time with ipfw_load="YES" in /boot/loader.conf, but
 > ipdivert.ko does not load at boot time with ipdivert_load="YES". I'm able to
 > load it using kldload, though. dmesg doesn't seem to be giving any clues as
 > to why ipdivert won't load... What am I doing wrong?
 > 
 > Regards, Sebastian Ramadan.
 > My uname -a, /boot/loader.conf, kldstat and a successful load of ipdivert
 > using kldload after boot time:
 > domU-12-31-39-02-15-3A# uname -a
 > FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
 > 21 20:13:46 UTC 2011
 > root at chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
 > i386
 > domU-12-31-39-02-15-3A# cat /boot/loader.conf
 > ipfw_load="YES"
 > ipdivert_load="YES"
 > domU-12-31-39-02-15-3A# kldstat
 > Id Refs Address    Size     Name
 >  1    8 0xc0000000 40000000 kernel
 >  2    1 0xc2bb3000 10000    ext2fs.ko
 >  3    1 0xc2d1f000 11000    ipfw.ko
 >  4    1 0xc2d30000 d000     libalias.ko

Hmm, I'm a bit curious as to why libalias.ko was loaded.  You don't 
have 'firewall_nat_enable="YES"' in rc.conf, do you?

Anyway, loader.conf isn't the way to go for loading ipfw or ipdivert 
(presumably for use by natd?) these days.

Instead you want these in /etc/rc.conf:

ipfw_enable="YES"
natd_enable="YES"

plus any required ipfw_ and natd_ variables (see /etc/defaults/rc.conf)

Then /etc/rc.d/ipfw will load ipfw.ko, and if natd_enable is set, will 
invoke /etc/rc.d/natd, which loads ipdivert.ko at the right time.

 > domU-12-31-39-02-15-3A# uname -a
 > FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
 > 21 20:13:46 UTC 2011
 > root at chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
 > i386
 > domU-12-31-39-02-15-3A# kldload ipdivert
 > domU-12-31-39-02-15-3A# kldstat
 > Id Refs Address    Size     Name
 >  1   10 0xc0000000 40000000 kernel
 >  2    1 0xc2bb3000 10000    ext2fs.ko
 >  3    2 0xc2d1f000 11000    ipfw.ko
 >  4    1 0xc2d30000 d000     libalias.ko
 >  5    1 0xc3cc7000 4000     ipdivert.ko
 > 
 > My dmesg:
 > domU-12-31-39-02-15-3A# dmesg
 > Copyright (c) 1992-2011 The FreeBSD Project.
 > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 >         The Regents of the University of California. All rights reserved.
 > FreeBSD is a registered trademark of The FreeBSD Foundation.
 > FreeBSD 8.2-RELEASE #13: Mon Feb 21 20:13:46 UTC 2011
 >     root at chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN i386

[..]

 > start_init: trying /sbin/init
 > ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based
 > forwarding disabled, default to deny, logging disabled
 > ipfw0: bpf attached

There are a number of outstanding PRs regarding module loading by natd 
and (if used) firewall_nat, and the use of these by /etc/rc.firewall.  

If enabling natd in rc.conf instead doesn't fix your issue, write to me 
privately and I'll put you onto some patches - but unless you're also 
(or instead) using kernel NAT (ipfirewall_nat - which needs to load 
libalias.ko) then the above settings should do you.

cheers, Ian

More information about the freebsd-questions mailing list