Re: ipdivert.ko

2011-04-05 Thread Ian Smith
In freebsd-questions Digest, Vol 357, Issue 3, Message: 8
On Tue, 5 Apr 2011 00:58:50 +0930 Sebastian Ramadan s...@geekycode.net wrote:

  I wish to cause ipdivert.ko to load at boot time. Currently, ipfw.ko loads
  correctly at boot time with ipfw_load=YES in /boot/loader.conf, but
  ipdivert.ko does not load at boot time with ipdivert_load=YES. I'm able to
  load it using kldload, though. dmesg doesn't seem to be giving any clues as
  to why ipdivert won't load... What am I doing wrong?
  
  Regards, Sebastian Ramadan.
  My uname -a, /boot/loader.conf, kldstat and a successful load of ipdivert
  using kldload after boot time:
  domU-12-31-39-02-15-3A# uname -a
  FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
  21 20:13:46 UTC 2011
  r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
  i386
  domU-12-31-39-02-15-3A# cat /boot/loader.conf
  ipfw_load=YES
  ipdivert_load=YES
  domU-12-31-39-02-15-3A# kldstat
  Id Refs AddressSize Name
   18 0xc000 4000 kernel
   21 0xc2bb3000 1ext2fs.ko
   31 0xc2d1f000 11000ipfw.ko
   41 0xc2d3 d000 libalias.ko

Hmm, I'm a bit curious as to why libalias.ko was loaded.  You don't 
have 'firewall_nat_enable=YES' in rc.conf, do you?

Anyway, loader.conf isn't the way to go for loading ipfw or ipdivert 
(presumably for use by natd?) these days.

Instead you want these in /etc/rc.conf:

ipfw_enable=YES
natd_enable=YES

plus any required ipfw_ and natd_ variables (see /etc/defaults/rc.conf)

Then /etc/rc.d/ipfw will load ipfw.ko, and if natd_enable is set, will 
invoke /etc/rc.d/natd, which loads ipdivert.ko at the right time.

  domU-12-31-39-02-15-3A# uname -a
  FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
  21 20:13:46 UTC 2011
  r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
  i386
  domU-12-31-39-02-15-3A# kldload ipdivert
  domU-12-31-39-02-15-3A# kldstat
  Id Refs AddressSize Name
   1   10 0xc000 4000 kernel
   21 0xc2bb3000 1ext2fs.ko
   32 0xc2d1f000 11000ipfw.ko
   41 0xc2d3 d000 libalias.ko
   51 0xc3cc7000 4000 ipdivert.ko
  
  My dmesg:
  domU-12-31-39-02-15-3A# dmesg
  Copyright (c) 1992-2011 The FreeBSD Project.
  Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
  The Regents of the University of California. All rights reserved.
  FreeBSD is a registered trademark of The FreeBSD Foundation.
  FreeBSD 8.2-RELEASE #13: Mon Feb 21 20:13:46 UTC 2011
  r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN i386

[..]

  start_init: trying /sbin/init
  ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based
  forwarding disabled, default to deny, logging disabled
  ipfw0: bpf attached

There are a number of outstanding PRs regarding module loading by natd 
and (if used) firewall_nat, and the use of these by /etc/rc.firewall.  

If enabling natd in rc.conf instead doesn't fix your issue, write to me 
privately and I'll put you onto some patches - but unless you're also 
(or instead) using kernel NAT (ipfirewall_nat - which needs to load 
libalias.ko) then the above settings should do you.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
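
The reply above moves the loading of ipdivert.ko from /boot/loader.conf to the rc.conf natd settings. As an added example (not code from the thread or from FreeBSD's rc scripts), this sh function audits copies of both files for that setup. The function names are made up here, and the natd_interface/natd_flags check is an assumption about what natd needs in order to start.

```shell
#!/bin/sh
# Added example: audit how ipdivert.ko is expected to get loaded at boot.
# File paths are arguments so the check can run against copies of the files.

# conf_get FILE VAR: print the last uncommented value assigned to VAR with
# quotes stripped (a later assignment overrides an earlier one). Only the
# first word of a multi-word value is returned, which is enough here.
conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1
}

# is_yes VALUE: same spellings rc.subr's checkyesno treats as true.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_divert LOADER_CONF RC_CONF: print one finding per line, or nothing
# when the files match the setup recommended in the reply.
audit_divert() {
    loader=$1
    rc=$2
    if is_yes "$(conf_get "$loader" ipdivert_load)"; then
        echo "loader.conf: ipdivert_load is set; the thread reports this does not load the module"
    fi
    if is_yes "$(conf_get "$rc" natd_enable)"; then
        # Assumption: natd needs an interface or flags naming a config file.
        if [ -z "$(conf_get "$rc" natd_interface)" ] &&
           [ -z "$(conf_get "$rc" natd_flags)" ]; then
            echo "rc.conf: natd_enable is set but natd_interface and natd_flags are empty"
        fi
    else
        echo "rc.conf: natd_enable is not set, so /etc/rc.d/natd will not load ipdivert.ko"
    fi
}
```

Run it as `audit_divert /boot/loader.conf /etc/rc.conf`; no output means neither problem was found.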


ipdivert.ko

2011-04-04 Thread Sebastian Ramadan
I wish to cause ipdivert.ko to load at boot time. Currently, ipfw.ko loads
correctly at boot time with ipfw_load=YES in /boot/loader.conf, but
ipdivert.ko does not load at boot time with ipdivert_load=YES. I'm able to
load it using kldload, though. dmesg doesn't seem to be giving any clues as
to why ipdivert won't load... What am I doing wrong?

Regards, Sebastian Ramadan.
My uname -a, /boot/loader.conf, kldstat and a successful load of ipdivert
using kldload after boot time:
domU-12-31-39-02-15-3A# uname -a
FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
21 20:13:46 UTC 2011
r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
i386
domU-12-31-39-02-15-3A# cat /boot/loader.conf
ipfw_load=YES
ipdivert_load=YES
domU-12-31-39-02-15-3A# kldstat
Id Refs AddressSize Name
 18 0xc000 4000 kernel
 21 0xc2bb3000 1ext2fs.ko
 31 0xc2d1f000 11000ipfw.ko
 41 0xc2d3 d000 libalias.ko
domU-12-31-39-02-15-3A# uname -a
FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
21 20:13:46 UTC 2011
r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
i386
domU-12-31-39-02-15-3A# kldload ipdivert
domU-12-31-39-02-15-3A# kldstat
Id Refs AddressSize Name
 1   10 0xc000 4000 kernel
 21 0xc2bb3000 1ext2fs.ko
 32 0xc2d1f000 11000ipfw.ko
 41 0xc2d3 d000 libalias.ko
 51 0xc3cc7000 4000 ipdivert.ko

My dmesg:
domU-12-31-39-02-15-3A# dmesg
Copyright (c) 1992-2011 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.2-RELEASE #13: Mon Feb 21 20:13:46 UTC 2011
r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN i386
Xen reported: 2599.998 MHz processor.
Timecounter ixen frequency 1953125 Hz quality 0
CPU: Dual-Core AMD Opteron(tm) Processor 2218 HE (2600.00-MHz 686-class CPU)
  Origin = AuthenticAMD  Id = 0x40f13  Family = f  Model = 41  Stepping = 3
  Features=0x1783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x2001<SSE3,CX16>
  AMD Features=0xea500800<SYSCALL,NX,MMX+,FFXSR,RDTSCP,LM,3DNow!+,3DNow!>
  AMD Features2=0x1f<LAHF,CMP,SVM,ExtAPIC,CR8>
Data TLB: 32 entries, fully associative
Instruction TLB: 32 entries, fully associative
L1 data cache: 64 kbytes, 64 bytes/line, 1 lines/tag, 2-way associative
L1 instruction cache: 64 kbytes, 64 bytes/line, 1 lines/tag, 2-way
associative
L2 internal cache: 1024 kbytes, 64 bytes/line, 1 lines/tag, 8-way
associative
real memory  = 644874240 (615 MB)
Physical memory chunk(s):
0x0062a000 - 0x25b4dfff, 626147328 bytes (152868 pages)
avail memory = 623058944 (594 MB)
APIC: Using the MPTable enumerator.
SMP: Added CPU 0 (BSP)
[XEN] IPI cpu=0 irq=128 vector=RESCHEDULE_VECTOR (0)
[XEN] IPI cpu=0 irq=129 vector=CALL_FUNCTION_VECTOR (1)
Event-channel device installed.
io: I/O
mem: memory
Pentium Pro MTRR support enabled
random: entropy source, Software, Yarrow
null: null device, zero device
nfslock: pseudo-device
[XEN] xen_rtc_probe: probing Hypervisor RTC clock
rtc0: Xen Hypervisor Clock on motherboard
[XEN] xen_rtc_attach: attaching Hypervisor RTC clock
rtc0: registered as a time-of-day clock (resolution 100us)
xs_probe: Probe retuns 0
xenstore0: XenStore on motherboard
Grant table initialized
xc0: Xen Console on motherboard
Device configuration finished.
procfs registered
Timecounters tick every 10.000 msec
[XEN] hypervisor wallclock nudged; nudging TOD.
lo0: bpf attached
xenbusb_front0: Xen Frontend Devices on xenstore0
xn0: Virtual Network Interface at device/vif/0 on xenbusb_front0
xn0: bpf attached
xn0: Ethernet address: 12:31:39:02:15:3a
xenbusb_back0: Xen Backend Devices on xenstore0
xctrl0: Xen Control Device on xenstore0
xbd0: 1024MB Virtual Block Device at device/vbd/2049 on xenbusb_front0
xbd0: attaching as da0
GEOM: new disk da0
xbd1: 9216MB Virtual Block Device at device/vbd/2064 on xenbusb_front0
xbd1: attaching as da1
GEOM: new disk da1
Trying to mount root from ufs:da1s1
rtc0: [XEN] xen_rtc_gettime
rtc0: [XEN] xen_rtc_gettime: wallclock 1290456569 sec; 919153165 nsec
rtc0: [XEN] xen_rtc_gettime: uptime 11380100 sec; 82341069 nsec
rtc0: [XEN] xen_rtc_gettime: TOD 1301836670 sec; 1494234 nsec
start_init: trying /sbin/init
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based
forwarding disabled, default to deny, logging disabled
ipfw0: bpf attached


Re: 5.x ipdivert.ko with pf and natd?

2005-07-20 Thread Lowell Gilbert
Michael Dexter [EMAIL PROTECTED] writes:

 Hello,
 
 I would like to use natd with packet filter under FreeBSD 5.4.
 
 The rc.conf man page states that I want: natd_enable=YES and that
 if the kernel was not built with options IPDIVERT, the ipdivert.ko
 kernel module will be loaded.
 
 Unfortunately, the module ipdivert.ko does not appear to exist in 
 /boot/kernel/
 
 ... but I do see it in 6.x filesystem.
 
 I tried building a kernel with:
 
 options IPDIVERT
 
 and that did not appear to produce the module (depends on ipfw though
 I want to use pf?).
 
 I do however see the source in: /usr/src/sys/netinet/ip_divert.c
 
 1. Am I overlooking the prebuilt module in 5.x?
 2. Can I simply build the module on its own without a full buildkernel?
 3. Given that buildkernel did not produce it, how can I produce it?

No, I don't see it in the module makefile on my -STABLE machine.
natd *does* depend on ipfw; if you want to use pf, you probably want
to use its built-in NAT capabilities.
If you *do* want natd, you can always compile divert directly into
your kernel. 


5.x ipdivert.ko with pf and natd?

2005-07-19 Thread Michael Dexter


Hello,

I would like to use natd with packet filter under FreeBSD 5.4.

The rc.conf man page states that I want: natd_enable=YES and that 
if the kernel was not built with options IPDIVERT, the ipdivert.ko 
kernel module will be loaded.


Unfortunately, the module ipdivert.ko does not appear to exist in /boot/kernel/

... but I do see it in 6.x filesystem.

I tried building a kernel with:

options IPDIVERT

and that did not appear to produce the module (depends on ipfw though 
I want to use pf?).


I do however see the source in: /usr/src/sys/netinet/ip_divert.c

1. Am I overlooking the prebuilt module in 5.x?
2. Can I simply build the module on its own without a full buildkernel?
3. Given that buildkernel did not produce it, how can I produce it?

Thanks!

Michael.