From owner-freebsd-stable Mon Aug 7 14:11:21 2000
Date: Mon, 7 Aug 2000 17:08:55 -0400 (EDT)
From: Adam
To: Gabriel Ambuehl
Cc: stable@FreeBSD.ORG
Subject: Re: Killed natd -> system crash
In-Reply-To: <143468894.20000807224921@buz.ch>

On Mon, 7 Aug 2000, Gabriel Ambuehl wrote:

>Hello,
>I killed natd on one of my boxes and it ended up with a system
>which didn't respond to any IP connection attempts I did. Neither sshd
>nor any other daemon was responding, same goes for ICMP connection
>attempts.

This sounds like you had a divert rule in place before the "allow all from any to any" rule, so it was piping all packets down divert to a nonexistent natd. Is this the case? If so, you need to at least add a rule to allow traffic from all/some hosts to at least the sshd port (and back out) or add a rule allowing all traffic to and from a trusted host on the internet.

Since you didn't describe "crash", I assume you didn't have console access and don't know what really happened. I bet that's all this is.
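
The failure described in the reply above, as an added example that is not part of the original message: a simplified first-match model of ipfw evaluation, run over two constructed rulesets. The interface ed0, divert port 8668, the rule numbers and the sample packets are all assumptions made for illustration.

```python
import re

# Constructed `ipfw list` output; interface ed0 and divert port 8668 are assumptions.
BROKEN = """\
00050 divert 8668 ip from any to any via ed0
65000 allow ip from any to any
65535 deny ip from any to any
"""
# Same ruleset with sshd traffic (in and back out) allowed ahead of the divert rule.
FIXED = """\
00040 allow tcp from any to any 22
00041 allow tcp from any 22 to any
""" + BROKEN

RULE = re.compile(r"^(\d+) (allow|deny|divert \d+) (ip|tcp) from any(?: (\d+))?"
                  r" to any(?: (\d+))?(?: via (\w+))?$")

def verdict(ruleset, pkt, natd_running):
    """Return (outcome, rule_number) for one packet under first-match evaluation."""
    for line in ruleset.splitlines():
        num, action, proto, sport, dport, iface = RULE.match(line).groups()
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if sport and int(sport) != pkt["sport"]:
            continue
        if dport and int(dport) != pkt["dport"]:
            continue
        if iface and iface != pkt["iface"]:
            continue
        if action.startswith("divert"):
            if not natd_running:
                return ("drop", num)  # nothing is bound to the divert port
            continue  # natd reinjects the packet; evaluation resumes at the next rule
        return ("pass" if action == "allow" else "drop", num)
    return ("drop", None)

# Constructed sample packets arriving on or leaving via ed0.
SSH_IN = {"proto": "tcp", "sport": 40000, "dport": 22, "iface": "ed0"}
SSH_OUT = {"proto": "tcp", "sport": 22, "dport": 40000, "iface": "ed0"}
WEB_IN = {"proto": "tcp", "sport": 40001, "dport": 80, "iface": "ed0"}

if __name__ == "__main__":
    for name, rules in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        for label, pkt in (("ssh in", SSH_IN), ("ssh out", SSH_OUT), ("web in", WEB_IN)):
            print(name, label, "natd dead ->", verdict(rules, pkt, natd_running=False))
```

With natd stopped, every packet in the first ruleset ends at the divert rule, which from the network looks like a dead host; in the second, sshd stays reachable while all other traffic is still lost until natd is restarted.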