[FUG-BR] IPFW + fwd = getsockopt(IP_FW_ADD): Invalid argument

Alexandre Proença alexandre at levier.com.br
Mon Oct 26 09:53:54 BRST 2009


Good morning to everyone on the list,
I moved my MySQL database to another server. So that I would not have to 
change the database connection address in my applications, of which there 
are many, I had the idea of doing port forwarding on my old server: in 
theory, everything arriving on port 3306 of my old server would be passed 
on to the same port on my new server. However, I get an error message when 
applying the fwd rule. The relevant information follows below.

FreeBSD venus.xxxxxxx.com.br 7.2-RELEASE FreeBSD 7.2-RELEASE

[root@venus /etc/rc.d]# sysctl -a | grep net.inet.ip
net.inet.ip.portrange.randomtime: 45
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomized: 1
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.hilast: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.keepfaith: 0
net.inet.ip.gifttl: 30
net.inet.ip.same_prefix_carp_only: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.maxfragpackets: 800
net.inet.ip.maxfragsperpacket: 16
net.inet.ip.fragpackets: 0
net.inet.ip.check_interface: 0
net.inet.ip.random_id: 0
net.inet.ip.sendsourcequench: 0
net.inet.ip.process_options: 1
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.static_count: 15
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.tables_max: 128
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.enable: 1

IPFW rules

enable verbose
enable one_pass
# add pass ip from any to any
#add divert natd ip from any to any via xl0
add divert natd ip from 192.168.200.0/22 to any out via xl0
add divert natd ip from any to me in via xl0
add pass udp from any to any
add pass ip from 192.168.0.0/16 to 192.168.0.0/16
add pass icmp from any to any
#add pass tcp from any to any 20,21,22,23,53,80,3306,2222,8806,5432,1024-65000 setup
add pass tcp from any to any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via xl0
add pass tcp from any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 to any via sk0
add pass tcp from any to any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via sk0
add deny tcp from any to any 587,2401,2049,512,513,514,445,79,111 via sk0
add pass tcp from any to any out via xl0
add pass tcp from any to any via xl0 established
#add deny ip from any to any via xl0
add fwd 192.168.200.40,3306 tcp from any to any 3306 via xl0

Error message

[root@venus /etc/rc.d]# /etc/rc.d/ipfw restart
net.inet.ip.fw.enable: 1 -> 0
Stopping natd.
Waiting for PIDS: 75962, 75962, 75962, 75962, 75962.
Starting natd.
Loading /lib/libalias_cuseeme.so
Loading /lib/libalias_ftp.so
Loading /lib/libalias_irc.so
Loading /lib/libalias_nbt.so
Loading /lib/libalias_pptp.so
Loading /lib/libalias_skinny.so
Loading /lib/libalias_smedia.so
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 divert 8668 ip from 192.168.200.0/22 to any out via xl0
00500 divert 8668 ip from any to me in via xl0
00600 allow udp from any to any
00700 allow ip from 192.168.0.0/16 to 192.168.0.0/16
00800 allow icmp from any to any
00900 allow tcp from any to any dst-port 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via xl0
01000 allow tcp from any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 to any via sk0
01100 allow tcp from any to any dst-port 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via sk0
01200 deny tcp from any to any dst-port 587,2401,2049,512,513,514,445,79,111 via sk0
01300 allow tcp from any to any out via xl0
01400 allow tcp from any to any via xl0 established
Line 18: getsockopt(IP_FW_ADD): Invalid argument
Firewall rules loaded.
net.inet.ip.fw.enable: 0 -> 1

Does anyone have an idea, or has anyone run into this problem before?
Thanks in advance


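An added example that is not part of the original post: a small sh script covering two checks a reader would make on this ruleset before reloading it. First, which rule the "Line 18" in ipfw's error refers to (ipfw counts plain file lines, comments and blank lines included). Second, whether an earlier pass rule already matches tcp/3306 via xl0, because ipfw stops at the first matching pass and a fwd placed after such a rule is never reached even once it loads. The rules file the script writes is a constructed copy of the rules quoted in the post; the file path, the probe rule number 65000 and all helper names are assumptions. The runtime probe needs root on FreeBSD and is not invoked automatically.

```shell
#!/bin/sh
# Added example, not from the original post.  Static checks on an ipfw(8)
# rules file of the kind loaded by /etc/rc.d/ipfw with firewall_type=<file>.
# The rules written below are a constructed copy of the ones in the post;
# the path in RULES and the probe rule number 65000 are assumptions.

RULES=${RULES:-${TMPDIR:-/tmp}/ipfw.rules.example}

write_sample_rules() {
    cat > "$RULES" <<'EOF'
enable verbose
enable one_pass
# add pass ip from any to any
#add divert natd ip from any to any via xl0
add divert natd ip from 192.168.200.0/22 to any out via xl0
add divert natd ip from any to me in via xl0
add pass udp from any to any
add pass ip from 192.168.0.0/16 to 192.168.0.0/16
add pass icmp from any to any
#add pass tcp from any to any 20,21,22,23,53,80,3306,2222,8806,5432,1024-65000 setup
add pass tcp from any to any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via xl0
add pass tcp from any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 to any via sk0
add pass tcp from any to any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via sk0
add deny tcp from any to any 587,2401,2049,512,513,514,445,79,111 via sk0
add pass tcp from any to any out via xl0
add pass tcp from any to any via xl0 established
#add deny ip from any to any via xl0
add fwd 192.168.200.40,3306 tcp from any to any 3306 via xl0
EOF
}

# ipfw(8) reports "Line N:" as a plain line number of the rules file,
# comments and blank lines included, so "Line 18" is the fwd rule here.
rule_at_line() {            # rule_at_line N
    sed -n "${1}p" "$RULES"
}

# ipfw is first-match: a "pass" that already matches the traffic makes every
# later rule for it dead, a fwd included.  Print the file line numbers, before
# line N, of "add pass tcp ... to <host> <ports> via IFACE" rules whose
# destination port list (single ports or lo-hi ranges) covers PORT.
shadowing_rules() {         # shadowing_rules N PORT IFACE
    awk -v stop="$1" -v port="$2" -v iface="$3" '
        NR >= stop       { exit }
        /^[[:space:]]*#/ { next }
        $1 == "add" && $2 == "pass" && $3 == "tcp" && index($0, "via " iface) {
            ports = ""
            for (i = 1; i < NF; i++)
                if ($i == "to") { ports = $(i + 2); break }
            n = split(ports, p, ",")
            for (j = 1; j <= n; j++) {
                if (p[j] == port) { print NR; break }
                if (split(p[j], r, "-") == 2 &&
                    r[1] + 0 <= port + 0 && port + 0 <= r[2] + 0) { print NR; break }
            }
        }' "$RULES"
}

# Runtime probe (FreeBSD, root only; not run by default).  On FreeBSD 7.x the
# kernel accepts fwd rules only when built with options IPFIREWALL_FORWARD and
# otherwise answers IP_FW_ADD with EINVAL.  Adds a throwaway fwd rule in slot
# 65000 (an assumption; pick a number unused by your ruleset) and deletes it.
ipfw_fwd_supported() {
    if ipfw add 65000 fwd 127.0.0.1,3306 tcp from 127.0.0.1 to 127.0.0.1 3306 via lo0 >/dev/null 2>&1; then
        ipfw delete 65000 >/dev/null 2>&1
        return 0
    fi
    return 1
}

write_sample_rules
echo "rule on line 18: $(rule_at_line 18)"
echo "pass rules before it that already match tcp/3306 via xl0 (file lines): $(shadowing_rules 18 3306 xl0)"
```

Run as-is it reports the fwd rule for line 18 and file line 11 (the pass for dst-port 13,...,3306,...,1024-65000 via xl0) as the rule that would swallow tcp/3306 on xl0 first; moving the fwd above that pass, or running ipfw_fwd_supported on the box to confirm the kernel was built with IPFIREWALL_FORWARD, are the two things to settle before the next /etc/rc.d/ipfw restart. A separate caveat from ipfw(8): fwd changes only the next hop and leaves the packet, destination address included, unmodified, so a host other than the firewall receives packets still addressed to the old server; rewriting the destination for a remote host is what natd's -redirect_port option does, and this ruleset already diverts xl0 traffic through natd.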