From owner-freebsd-questions  Wed Dec  8  1:10:21 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mofo.theta-chi.net (adsl-63-195-32-82.dsl.snfc21.pacbell.net [63.195.32.82])
	by hub.freebsd.org (Postfix) with ESMTP id 247FB14D8A
	for <questions@freebsd.org>; Wed,  8 Dec 1999 01:10:19 -0800 (PST)
	(envelope-from leonard@mofo.theta-chi.net)
Received: from localhost (leonard@localhost)
	by mofo.theta-chi.net (8.9.3/8.9.3) with ESMTP id BAA17401;
	Wed, 8 Dec 1999 01:11:42 -0800 (PST)
	(envelope-from leonard@mofo.theta-chi.net)
Date: Wed, 8 Dec 1999 01:11:41 -0800 (PST)
From: Leonard <leonard@mofo.theta-chi.net>
To: Andrzej Szydlo <andrzej@gv.edu.pl>
Cc: questions@freebsd.org
Subject: Re: NATd: tons of "failed to write packet back" errors
In-Reply-To: <19991208082817.C20357@gv.edu.pl>
Message-ID: <Pine.BSF.4.10.9912080110360.17387-100000@mofo.theta-chi.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Yup, all of the rules look fine to me. Here's the output of ipfw show:

00100  9069619  5504822826 divert 8668 ip from any to any via rl0
00100     4084    12861636 allow ip from any to any via lo0
00200     2537      595981 deny ip from any to 127.0.0.0/8
65000 17778873 10800924338 allow ip from any to any
65535        0           0 deny ip from any to any

Leonard

On Wed, 8 Dec 1999, Andrzej Szydlo wrote:

> On Tue, Dec 07, 1999 at 11:03:38PM -0800, Leonard wrote:
> > I've been seeing my logs filled with:
> > 
> > Dec  7 22:56:04 mofo natd[14291]: failed to write packet back (Permission
> > denied)
> > Dec  7 22:56:04 mofo natd[14291]: failed to write packet back (Permission
> > denied)
> > 
> > Does anybody know what this is caused by? I have ipfw set to "open" via
> > rc.conf. I've been noticing that there are a lot of denied packets from
> > 127.0.0.0/8. If NATd is sending data to localhost, then shouldn't it be
> > going through lo0 which works? Other than the sheer number of error
> > messages going to syslog, it seems like natd is working fine.
> 
> Hi,
> 
> Do you have a rule allowing traffic to and form 127.0.0.1 before the divert 
> rule?
> 
> Like:
> /sbin/ipfw add allow ip from any to any via lo0
> or
> /sbin/ipfw add allow ip from 127.0.0.1 to 127.0.0.1
> 
> Andrzej
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message