Date: Wed, 8 Dec 1999 01:11:41 -0800 (PST) From: Leonard <leonard@mofo.theta-chi.net> To: Andrzej Szydlo <andrzej@gv.edu.pl> Cc: questions@freebsd.org Subject: Re: NATd: tons of "failed to write packet back" errors Message-ID: <Pine.BSF.4.10.9912080110360.17387-100000@mofo.theta-chi.net> In-Reply-To: <19991208082817.C20357@gv.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Yup, all of the rules look fine to me. Here's the output of ipfw show: 00100 9069619 5504822826 divert 8668 ip from any to any via rl0 00100 4084 12861636 allow ip from any to any via lo0 00200 2537 595981 deny ip from any to 127.0.0.0/8 65000 17778873 10800924338 allow ip from any to any 65535 0 0 deny ip from any to any Leonard On Wed, 8 Dec 1999, Andrzej Szydlo wrote: > On Tue, Dec 07, 1999 at 11:03:38PM -0800, Leonard wrote: > > I've been seeing my logs filled with: > > > > Dec 7 22:56:04 mofo natd[14291]: failed to write packet back (Permission > > denied) > > Dec 7 22:56:04 mofo natd[14291]: failed to write packet back (Permission > > denied) > > > > Does anybody know what this is caused by? I have ipfw set to "open" via > > rc.conf. I've been noticing that there are a lot of denied packets from > > 127.0.0.0/8. If NATd is sending data to localhost, then shouldn't it be > > going through lo0 which works? Other than the sheer number of error > > messages going to syslog, it seems like natd is working fine. > > Hi, > > Do you have a rule allowing traffic to and form 127.0.0.1 before the divert > rule? > > Like: > /sbin/ipfw add allow ip from any to any via lo0 > or > /sbin/ipfw add allow ip from 127.0.0.1 to 127.0.0.1 > > Andrzej > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9912080110360.17387-100000>