Date: Sat, 14 Apr 2001 01:02:47 -0700
From: Bohdan Tashchuk <tashchuk@easystreet.com>
To: "Thomas T. Veldhouse" <veldy@veldy.net>
Cc: Gordon Tetlow <gordont@bluemtn.net>, freebsd-stable@FreeBSD.ORG
Subject: Re: natd[232]: failed to write packet back (Permission denied)
Message-ID: <3AD80427.36871745@easystreet.com>
References: <Pine.BSF.4.33.0104131101380.60994-100000@sdmail0.sd.bmarts.com> <00a601c0c444$4ef9fc40$3028680a@tgt.com>
I'm running 3.5, so everything may have changed since. But I also had
this problem. Somehow the 'rwho' packets cause this. (Man rwho).
A simple change to /etc/rc.firewall is all it takes to get rid of this.
Here is a snippet of my change:
if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
    $fwcmd add 10 deny udp from any who to any who via ${natd_interface}
    $fwcmd add 20 divert natd all from any to any via ${natd_interface}
fi
"Thomas T. Veldhouse" wrote:
>
> I was using stateful firewalling. I get even more errors. Oddly, whatever
> is causing it now happens in bursts of two every 12 minutes. I have not
> figured it out -- really annoying. The default "SIMPLE" firewall also
> causes it. That should not be -- so I would call that a bug in the
> /etc/rc.firewall script at the very least.
>
> Tom Veldhouse
> veldy@veldy.net
>
> ----- Original Message -----
> From: "Gordon Tetlow" <gordont@bluemtn.net>
> To: "Thomas T. Veldhouse" <veldy@veldy.net>
> Cc: <freebsd-stable@FreeBSD.ORG>
> Sent: Friday, April 13, 2001 1:03 PM
> Subject: Re: natd[232]: failed to write packet back (Permission denied)
>
> > But, if you use the default firewall rules, *all* packets get put through
> > natd, not just lan traffic, but incoming, and loopback traffic as well.
> >
> > I used to have this problem, but when I rewrote my firewall rules to use
> > stateful firewalling, it disappeared.
> >
> > -gordon
> >
> > On Fri, 13 Apr 2001, Thomas T. Veldhouse wrote:
> >
> > > As an addendum -- I get these messages even when there is NO activity on the
> > > LAN -- so natd is not even being used by any client.
> >
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AD80427.36871745>
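An added example, not part of the original message or of FreeBSD's rc.firewall: a shell function that reads `ipfw list` output and checks that a deny rule for UDP port `who` (513, used by rwho) is numbered below the natd divert rule, matching the rule order in the snippet above. The function name, the interface name and the sample listings are constructed, and the listing layout (ports shown by name or number, `divert natd` or `divert 8668`) is an assumption.

```sh
#!/bin/sh
# Added example, not from the original message. Reads `ipfw list` output on
# stdin and reports whether a "deny udp ... who ... who" rule is numbered
# below the natd divert rule, as in the rc.firewall change above.
# Assumption: ports may be listed by name (who, natd) or number (513, 8668).

check_rwho_rule() {
    awk '
        # Fields: NUMBER ACTION PROTO from SRC SPORT to DST DPORT ...
        !have_deny && $2 == "deny" && $3 == "udp" &&
        ($6 == "who" || $6 == "513") && ($9 == "who" || $9 == "513") {
            deny = $1 + 0; have_deny = 1
        }
        !have_divert && $2 == "divert" && ($3 == "natd" || $3 == "8668") {
            divert = $1 + 0; have_divert = 1
        }
        END {
            if (!have_divert)       print "no-divert"
            else if (!have_deny)    print "missing"
            else if (deny < divert) print "ok"
            else                    print "misordered"
        }
    '
}

# Constructed sample listings (the interface name ed0 is made up).
FIXED='00010 deny udp from any 513 to any 513 via ed0
00020 divert 8668 ip from any to any via ed0
65535 deny ip from any to any'

UNFIXED='00050 divert 8668 ip from any to any via ed0
65535 deny ip from any to any'

LATE='00050 divert 8668 ip from any to any via ed0
00060 deny udp from any who to any who via ed0
65535 deny ip from any to any'

for listing in "$FIXED" "$UNFIXED" "$LATE"; do
    printf '%s\n' "$listing" | check_rwho_rule
done
```

On a live system the function would be fed from `ipfw list` instead of the sample variables.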
