I've applied the pre-2.0.31 #2 patch to a vanilla 2.0.30 and since
doing so I haven't been able to set any firewall rules. The error
message is invariably:
ipfwadm: setsockopt failed: Invalid argument
I'm using ipfwadm 2.3.0 and I did try recompiling it. Has anyone
else seen this? Anybody have any ideas? Am I missing something
obvious?
Relevant config:
CONFIG_NET=y
CONFIG_FIREWALL=y
CONFIG_NET_ALIAS=y
CONFIG_INET=y
CONFIG_IP_FORWARD=y
CONFIG_SYN_COOKIES=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_MASQUERADE_GRE=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
CONFIG_NET_IPIP=m
CONFIG_IP_ALIAS=m
CONFIG_INET_RARP=m
CONFIG_IP_NOSR=y
CONFIG_TR=y
CONFIG_IBMTR=m
strace follows:
# /sbin/ipfwadm -A in -a -P all -S 0.0.0.0/0 -D 0.0.0.0/0 -W tr0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|0x20, 4294967295, 0) = 0x40006000
mprotect(0x40000000, 19669, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0x8048000, 20121, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
stat("/etc/ld.so.cache", {st_mode=S_IFREG|0644, st_size=2932, ...}) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
mmap(0, 2932, PROT_READ, MAP_SHARED, 3, 0) = 0x40007000
close(3) = 0
stat("/etc/ld.so.preload", 0xbffffb08) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.5.3.12", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 724992, PROT_NONE, MAP_PRIVATE|0x20, 4294967295, 0) = 0x40008000
mmap(0x40008000, 495550, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x40008000
mmap(0x40081000, 23472, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x78000) = 0x40081000
mmap(0x40087000, 203928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|0x20, 4294967295, 0) = 0x40087000
close(3) = 0
mprotect(0x40008000, 495550, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0x8048000, 20121, PROT_READ|PROT_EXEC) = 0
mprotect(0x40008000, 495550, PROT_READ|PROT_EXEC) = 0
mprotect(0x40000000, 19669, PROT_READ|PROT_EXEC) = 0
SYS_136(0, 0xc, 0x30, 0x40005e48, 0x8048a90) = 0
brk(0x804e334) = 0x804e334
brk(0x804f000) = 0x804f000
open("/usr/share/locale/C/LC_MESSAGES", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/locale/C/libc.cat", 0xbffff694) = -1 ENOENT (No such file or directory)
stat("/usr/lib/locale/C/libc.cat", 0xbffff694) = -1 ENOENT (No such file or directory)
stat("/usr/lib/locale/libc/C", 0xbffff694) = -1 ENOENT (No such file or directory)
stat("/usr/share/locale/C/libc.cat", 0xbffff694) = -1 ENOENT (No such file or directory)
stat("/usr/local/share/locale/C/libc.cat", 0xbffff694) = -1 ENOENT (No such file or directory)
socket(PF_INET, SOCK_RAW, IPPROTO_??? (0xff)) = 3
setsockopt(3, IPPROTO_IP833, [0], 104) = -1 EINVAL (Invalid argument)
write(2, "ipfwadm: setsockopt failed: Inva"..., 45) = 45
_exit(-1) = ?
-- Andrew Purtell phone: (617) 272-9700 Network Administrator fax : (617) 272-9300 Intelligent Environments email: apurtell@ieinc.com http://www.ieinc.com/ akp@tiac.net