Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 1 Feb 2001 15:32:27 +1300
From:      Jonathan Chen <jonathan.chen@itouch.co.nz>
To:        Benjamin Ossei <ben@cahostnet.net>
Cc:        mel kravitz <melk@switchpwr.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: natd call
Message-ID:  <20010201153226.B76174@itouchnz.itouch>
In-Reply-To: <20010201015909.091F33ED3@sitemail.everyone.net>; from ben@cahostnet.net on Wed, Jan 31, 2001 at 05:59:08PM -0800
References:  <20010201015909.091F33ED3@sitemail.everyone.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Jan 31, 2001 at 05:59:08PM -0800, Benjamin Ossei wrote:
> I'm having the same problem.  What packets will that be?  This is what I thought but I can't figure out whree I'm dening the package.
> 
> Thanks..

If you add this as your last rule:

	${fwcmd} add deny log ip from any to any

You'll get a log of the blocked packets coming out of your console, if
you've compiled the kernel with IPFIREWALL_VERBOSE.
-- 
Jonathan Chen <jonathan.chen@itouch.co.nz>
----------------------------------------------------------------------
                                  Computers are like air conditioners.
                              They stop working when you open Windows.

> 
> --- Jonathan Chen <jonathan.chen@itouch.co.nz>
> > wrote:
> >On Thu, Feb 01, 2001 at 01:26:17AM +0000, mel kravitz wrote:
> >> Hi,
> >> Running 4.1 on an i386 box, updated to 4.1 after succesfully using 2.2.8
> >> 
> >> for 2+ years.
> >> I normally start natd from /sbin/natd -m -f /etc/natd.conf
> >> (/etc/rc.conf.local)
> >> where /etc/natd.conf file is included below :
> >> ipfw rules contain proper divert call to tx0
> >> my question is i am getting a large number of /var/log/messages:
> >> natd "failed to write packet back (permission denied)"
> >
> >This indicates that your f/w rules are blocking packets on the way
> >back out.
> >
> >> If i start natd from /etc/rc.conf  file how do i call natd.conf?
> >
> >In /etc/rc.conf:
> >
> >	natd_enable="YES"
> >	natd_flags="-f /etc/natd.conf"
> >
> >-- 
> >Jonathan Chen <jonathan.chen@itouch.co.nz>
> >----------------------------------------------------------------------
> >The human mind ordinarily operates at only ten percent of its capacity
> >                     -- the rest is overhead for the operating system.
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-questions" in the body of the message
> 
> _____________________________________________________________
> ========GET YOUR FREE E-MAIL============
> http://freemail.cahostnet.net
> Web Hosting http://www.cahostnet.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010201153226.B76174>