From edwin@mavetju.org  Sun Jun 17 23:30:24 2007
Return-Path: <edwin@mavetju.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4F02B16A46E
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Jun 2007 23:30:24 +0000 (UTC)
	(envelope-from edwin@mavetju.org)
Received: from mail4out.barnet.com.au (mail4.barnet.com.au [202.83.178.125])
	by mx1.freebsd.org (Postfix) with ESMTP id 11B7913C4BD
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Jun 2007 23:30:24 +0000 (UTC)
	(envelope-from edwin@mavetju.org)
Received: by mail4out.barnet.com.au (Postfix, from userid 1001)
	id 29A8037DA97; Mon, 18 Jun 2007 09:30:23 +1000 (EST)
Received: from mail4auth.barnet.com.au (mail4.barnet.com.au [202.83.178.125])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mail4.barnet.com.au (Postfix) with ESMTP id F0A54423070
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 18 Jun 2007 09:30:22 +1000 (EST)
Received: from k7.mavetju (k7.mavetju.org [10.251.1.18])
	by mail4auth.barnet.com.au (Postfix) with ESMTP id 95F6A37D93A
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 18 Jun 2007 09:30:22 +1000 (EST)
Received: by k7.mavetju (Postfix, from userid 1001)
	id E3847EF; Mon, 18 Jun 2007 09:30:21 +1000 (EST)
Message-Id: <20070617233021.E3847EF@k7.mavetju>
Date: Mon, 18 Jun 2007 09:30:21 +1000 (EST)
From: Edwin Groothuis <edwin@mavetju.org>
Reply-To: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] bin/ipfw.8 - don't get bitten by the fwd rule
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         113803
>Category:       docs
>Synopsis:       [patch] ipfw(8) - don't get bitten by the fwd rule
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 17 23:40:04 GMT 2007
>Closed-Date:    Mon Jun 27 07:51:49 UTC 2011
>Last-Modified:  Mon Jun 27 07:51:49 UTC 2011
>Originator:     Edwin Groothuis
>Release:        FreeBSD 6.2-RELEASE-p4 i386
>Organization:
-
>Environment:
System: FreeBSD k7.mavetju 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386

>Description:

After hours of struggling with the "ipfw fwd" option I found out
why I didn't understand what was going wrong. I have updated the
documentation of the ipfw fwd option to make this more obvious.

>How-To-Repeat:
>Fix:


Index: ipfw.8
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw.8,v
retrieving revision 1.200
diff -u -r1.200 ipfw.8
--- ipfw.8	4 May 2007 11:15:41 -0000	1.200
+++ ipfw.8	17 Jun 2007 23:28:38 -0000
@@ -735,10 +735,13 @@
 entry look rather weird but is intended for
 use with transparent proxy servers.
 .Pp
-To enable
+Note: To enable the
 .Cm fwd
-a custom kernel needs to be compiled with the option
+action, a custom kernel needs to be compiled with the option
 .Cd "options IPFIREWALL_FORWARD" .
+This is NOT done automatically when enabling it in the
+.Nm
+kernel module.
 .It Cm nat Ar nat_nr
 Pass packet to a
 nat instance
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sat Oct 6 11:37:50 UTC 2007 
Responsible-Changed-Why:  
Maybe somebody from the mailinglist wants to comment on the PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113803 
State-Changed-From-To: open->closed 
State-Changed-By: ae 
State-Changed-When: Mon Jun 27 07:45:59 UTC 2011 
State-Changed-Why:  
The manual page already has a note about need of the custom kernel 
configuration. When ipfw is used as module it reports that forwarding 
is disabled and returns error for each fwd rule. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113803 
>Unformatted:
