Hi, I've found how to fix my problems in FreeBSD, the kernel sources were not the good ones. So after loading the original kernel sources and compiling the whole thing, it's working fine.
However I still can't have it running on my 2.6.9 linux kernel Fedora Core 3. Has anyone had any success with it? Thanks Anthony > -----Original Message----- > From: Anthony Lannuzel > Sent: vendredi 10 mars 2006 3:15 > To: 'ipfilter@coombs.anu.edu.au' > Subject: checksum error + open device error > > Hi! > I'm trying to get ipfilter running on FreeBSD and GNU/Linux, but I face > some > issues with it : > > I started with ipf version 3.4.20 under FreeBSD.4-4. > When I wanted to redirect packets from xl0 to tun0, I got a bad checksum, > what caused my packets to be dropped. > Here is the rule : > pass in quick on xl0 to tun0 proto icmp all > > tcpdump on xl0 show a valid packet, whether tcpdump on tun0 shows me a > packet whith "bad checksum" > > Actually the IP id of the packet is changed, which may be normal, and the > checksum is changed too, but why does it get wrong? > > I though it was a bug, which was corrected in the current > version(v4.1.10), > so I tried to install it, but I get now this error : > > anthony # ipf -V > ipf: IP Filter: v4.1.10 (396) > open device: Device not configured > > however, I have read the mailing list, and have done everything was told > there : > > anthony # ll /dev/ip* > crw------- 1 root wheel 79, 3 Mar 9 11:44 /dev/ipauth > crw------- 1 root wheel 79, 0 Mar 9 11:44 /dev/ipl > crw------- 1 root wheel 79, 1 Mar 9 11:44 /dev/ipnat > crw------- 1 root wheel 79, 2 Mar 9 11:44 /dev/ipstate > > anthony # grep IPFILTER /usr/src/sys/i386/conf/GENERIC > options IPFILTER > options IPFILTER_LOG > anthony # grep ipfilter /usr/src/sys/i386/conf/GENERIC > pseudo-device ipfilter # IP filter (firewall) and NAT > > anthony # kldstat > Id Refs Address Size Name > 1 3 0xc0100000 3a03b0 kernel > 2 1 0xce7f4000 15000 ipl.ko > 3 1 0xce845000 12000 linux.ko > > > Crist J. Clark told me that the ipl.ko module should not be > loaded, as I build IPFilter into the kernel. But the module > appears when I build the kernel, is it normal? > > > I also tried to use IPFilter on Fedora3, by installing from the > sources found on the web site, and even if I load the module > (modprobe ipfilter), I get this error: > > fedora # ipf -V > ipf: IP Filter: v4.1.10 (388) > open device: Device not configured > > However the module is loaded : > fedora # lsmod|grep ip > ipfilter 169112 0 > ipv6 232577 8 > > So I make the devices: > mknod /dev/ipl c 79 0 > mknod /dev/ipnat c 79 1 > mknod /dev/ipstate c 79 2 > mknod /dev/ipauth c 79 3 > > and I get this : > fedora # ipf -V > ipf: IP Filter: v4.1.10 (388) > open device: No such device or address > > Any help for any of these problems? > Regards > > Anthony ___________________________________________________________________________________ E-MAIL DISCLAIMER The present message may contain confidential and/or legally privileged information. If you are not the intended addressee and in case of a transmission error, please notify the sender immediately and destroy this E-mail. Disclosure, reproduction or distribution of this document and its possible attachments is strictly forbidden. SPACEBEL denies all liability for incomplete, improper, inaccurate, intercepted, (partly) destroyed, lost and/or belated transmission of the current information given that unencrypted electronic transmission cannot currently be guaranteed to be secure or error free. Upon request or in conformity with formal, contractual agreements, an originally signed hard copy will be sent to you to confirm the information contained in this E-mail. SPACEBEL denies all liability where E-mail is used for private use. SPACEBEL cannot be held responsible for possible viruses that might corrupt this message and/or your computer system. ____________________________________________________________________________________
