Date:      14 Apr 2001 17:40:12 -0400
From:      Lowell Gilbert <lowell@world.std.com>
To:        freebsd-stable@freebsd.org, freebsd-questions@freebsd.org
Subject:   Re: natd[232]: failed to write packet back (Permission denied)
Message-ID:  <44eluvqhxf.fsf@lowellg.ne.mediaone.net>
In-Reply-To: veldy@veldy.net's message of "14 Apr 2001 00:56:18 +0800"
References:  <9b7b3i$2kli$1@FreeBSD.csie.NCTU.edu.tw>

veldy@veldy.net ("Thomas T. Veldhouse") writes:

> Apr 13 10:47:37 fuggle natd[232]: failed to write packet back (Permission
> denied)
> Apr 13 10:47:46 fuggle last message repeated 4 times
> Apr 13 10:47:47 fuggle su: veldy to root on /dev/ttyp0
> Apr 13 10:47:58 fuggle natd[232]: failed to write packet back (Permission
> denied)
> Apr 13 10:48:31 fuggle last message repeated 3 times
> 
> 
> Can anybody explain what causes this?  I have looked through archive after
> archive and have found many many reports of this problem, but no solution.
> The closest I have come is a message that says to check the firewall rules
> to see what is blocking packets passed back from natd.  This cannot be it
> because I have added rules after the natd divert to open everything and this
> still occurs.

That is *exactly* what causes this message.  Check your rules again --
and do it with 'ipfw l', not just by looking at your firewall
configuration script, because the auto-incrementing numbering may not
have done quite what you expected.  [I've made this mistake a number
of times.]

Also, make sure that the "open everything" rule is numbered higher
than the divert rule.  It won't work at all if they're at the same
number.

If the machines behind the NAT are sharing the same public address as
the NAT machine itself, and you don't need them to accept connections
initiated from the outside Internet, then it should be perfectly
possible to set up your ipfw rules to avoid this.

> Please help -- this fills logs and is a nuisance -- it has been a problem
> ever since at least 4.1.1.

Sounds like it's not a -stable problem, then.  Let's move this over to
-questions instead...
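
Added example, not part of the original message: a small sh/awk check that reads `ipfw l` output and reports whether the first unconditional rule numbered above the natd divert rule allows or blocks traffic. The function name, verdict strings, interface name and sample rulesets are constructed for illustration, and it assumes the catch-all is written as a plain `ip from any to any` rule.

```shell
#!/bin/sh
# Added example (not from the original thread). Audits `ipfw l` output for the
# ordering problem above. After natd writes a packet back, ipfw resumes at the
# first rule numbered ABOVE the divert rule, so same-numbered rules are skipped.
# Assumption: only unconditional "ip|all from any to any" rules are treated as
# the catch-all; rules with extra options (via, ports, ...) are ignored.
check_divert_order() {
    awk '
    function catchall() {
        return NF == 7 && ($3 == "ip" || $3 == "all") &&
               $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any"
    }
    $2 == "divert" && !d { d = $1 + 0; next }   # first divert rule seen
    !d || done || !catchall() { next }
    $1 + 0 == d { same = 1; next }              # never reached on re-injection
    $2 ~ /^(allow|accept|pass|permit)$/ { verdict = "OK"; rule = $1; done = 1; next }
    $2 ~ /^(deny|drop|reject)$/ { verdict = "BLOCKED"; rule = $1; done = 1 }
    END {
        if (!d) { print "NO_DIVERT"; exit }
        if (!done) { print "NO_CATCHALL divert=" d; exit }
        printf "%s divert=%d rule=%d%s\n", verdict, d, rule + 0,
               (same ? " same-number-rule-skipped" : "")
    }'
}

# Constructed sample rulesets (interface ed0 and rule numbers are made up).
sample_good() { cat <<'EOF'
00050 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any
EOF
}
sample_same_number() { cat <<'EOF'
00100 allow ip from any to any via lo0
00200 divert 8668 ip from any to any via ed0
00200 allow ip from any to any
65535 deny ip from any to any
EOF
}

sample_good | check_divert_order
sample_same_number | check_divert_order
# On the NAT host itself: ipfw l | check_divert_order
```

A `BLOCKED` verdict means a packet written back by natd falls through to a deny rule, which is the condition that produces the "Permission denied" log line.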
