From owner-freebsd-questions Sat Apr 14 14:40:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from be-well.ilk.org (lowellg.ne.mediaone.net [24.147.184.128])
	by hub.freebsd.org (Postfix) with ESMTP
	id CF27A37B505; Sat, 14 Apr 2001 14:40:12 -0700 (PDT)
	(envelope-from lowell@be-well.ilk.org)
Received: (from lowell@localhost)
	by be-well.ilk.org (8.11.3/8.11.3) id f3ELeCW08303;
	Sat, 14 Apr 2001 17:40:12 -0400 (EDT)
	(envelope-from lowell)
To: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org
Reply-To: freebsd-questions@freebsd.org
Subject: Re: natd[232]: failed to write packet back (Permission denied)
References: <9b7b3i$2kli$1@FreeBSD.csie.NCTU.edu.tw>
From: Lowell Gilbert
Date: 14 Apr 2001 17:40:12 -0400
In-Reply-To: veldy@veldy.net's message of "14 Apr 2001 00:56:18 +0800"
Message-ID: <44eluvqhxf.fsf@lowellg.ne.mediaone.net>
Lines: 38
X-Mailer: Gnus v5.7/Emacs 20.7
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

veldy@veldy.net ("Thomas T. Veldhouse") writes:

> Apr 13 10:47:37 fuggle natd[232]: failed to write packet back (Permission
> denied)
> Apr 13 10:47:46 fuggle last message repeated 4 times
> Apr 13 10:47:47 fuggle su: veldy to root on /dev/ttyp0
> Apr 13 10:47:58 fuggle natd[232]: failed to write packet back (Permission
> denied)
> Apr 13 10:48:31 fuggle last message repeated 3 times
>
>
> Can anybody explain what causes this?  I have looked through archive after
> archive and have found many many reports of this problem, but no solution.
> The closest I have come is a message that says to check the firewall rules
> to see what is blocking packets passed back from natd.  This cannot be it
> because I have added rules after the natd divert to open everything and this
> still occurs.

That is *exactly* what causes this message.

Check your rules again -- and do it with 'ipfw l', not just by looking
at your firewall configuration script, because the auto-incrementing
numbering may not have done quite what you expected.  [I've made this
mistake a number of times.]

Also, make sure that the "open everything" rule is numbered higher than
the divert rule.  It won't work at all if they're at the same number.

If the machines behind the NAT are sharing the same public address as
the NAT machine itself, and you don't need them to accept connections
initiated from the outside Internet, then it should be perfectly
possible to set up your ipfw rules to avoid this.

> Please help -- this fills logs and is a nuisance -- it has been a problem
> ever since at least 4.1.1.

Sounds like it's not a -stable problem, then.  Let's move this over to
-questions instead...
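
The check described in the reply above, as an added example that is not part of the original message: a small sh/awk helper (hypothetical name `check_divert_order`) that reads an `ipfw l` listing and reports whether a catch-all allow rule sits at a number strictly higher than the divert rule. The two listings are constructed samples, and only unconditional `ip from any to any` rules are evaluated.

```sh
#!/bin/sh
# Added example: audit an `ipfw l` listing for the ordering mistake discussed above.
# Packets natd writes back continue at rules numbered HIGHER than the divert
# rule, so a catch-all allow at the same number never sees them.
# Limitation (assumption): more specific rules in between are not evaluated.

check_divert_order() {   # hypothetical helper name; reads a listing on stdin
    awk '
    { num = $1 + 0; action = $2 }        # "00050" becomes 50
    action == "divert" && !seen { seen = 1; dnum = num; next }
    !seen { next }                       # rules listed before the divert are out of scope
    NF == 7 && $3 ~ /^(ip|all)$/ && $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" {
        if (num == dnum) { same = 1; next }
        if (verdict != "") next          # first catch-all above the divert decides
        if (action ~ /^(allow|accept|pass|permit)$/)
            verdict = "OK: rule " num " passes packets re-injected after divert rule " dnum
        else if (action ~ /^(deny|drop|reject)$/)
            verdict = "BLOCKED: rule " num " denies packets re-injected after divert rule " dnum
    }
    END {
        if (!seen) { print "NO-DIVERT: no divert rule in listing"; exit }
        if (verdict == "") verdict = "UNKNOWN: no catch-all rule above divert rule " dnum
        if (same) verdict = verdict " (catch-all at rule " dnum " shares the divert rule number and is skipped)"
        print verdict
    }'
}

# Constructed sample: the "open everything" rule landed on the divert rule's number.
sample_bad() {
cat <<'EOF'
00050 divert 8668 ip from any to any via ed0
00050 allow ip from any to any
65535 deny ip from any to any
EOF
}

# Constructed sample: the allow rule is numbered higher than the divert rule.
sample_good() {
cat <<'EOF'
00050 divert 8668 ip from any to any via ed0
00100 allow ip from any to any
65535 deny ip from any to any
EOF
}

echo "bad:  $(sample_bad | check_divert_order)"
echo "good: $(sample_good | check_divert_order)"
```

On a live system the input would be `ipfw l | check_divert_order`, run as root.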