From owner-freebsd-stable Sat Apr 14 1: 2:57 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from easystreet01.easystreet.com (easystreet.com [206.26.36.40]) by hub.freebsd.org (Postfix) with ESMTP id DB53037B496 for ; Sat, 14 Apr 2001 01:02:54 -0700 (PDT) (envelope-from tashchuk@easystreet.com)
Received: from easystreet.com (dsl-209-162-218-66.easystreet.com [209.162.218.66]) by easystreet01.easystreet.com (8.11.2/8.11.2) with ESMTP id f3E82lL13274; Sat, 14 Apr 2001 01:02:48 -0700 (PDT)
Message-ID: <3AD80427.36871745@easystreet.com>
Date: Sat, 14 Apr 2001 01:02:47 -0700
From: Bohdan Tashchuk
X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Thomas T. Veldhouse"
Cc: Gordon Tetlow , freebsd-stable@FreeBSD.ORG
Subject: Re: natd[232]: failed to write packet back (Permission denied)
References: <00a601c0c444$4ef9fc40$3028680a@tgt.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm running 3.5, so everything may have changed since. But I also had
this problem.

Somehow the 'rwho' packets cause this. (Man rwho). A simple change to
/etc/rc.firewall is all it takes to get rid of this. Here is a snippet
of my change:

    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
            $fwcmd add 10 deny udp from any who to any who via ${natd_interface}
            $fwcmd add 20 divert natd all from any to any via ${natd_interface}
    fi

"Thomas T. Veldhouse" wrote:
>
> I was using stateful firewalling. I get even more errors. Oddly, whatever
> is causing it now happens in bursts of two every 12 minutes. I have not
> figured it out -- really annoying. The default "SIMPLE" firewall also
> causes it. That should not be -- so I would call that a bug in the
> /etc/rc.firewall script at the very least.
>
> Tom Veldhouse
> veldy@veldy.net
>
> ----- Original Message -----
> From: "Gordon Tetlow"
> To: "Thomas T. Veldhouse"
> Cc:
> Sent: Friday, April 13, 2001 1:03 PM
> Subject: Re: natd[232]: failed to write packet back (Permission denied)
>
> > But, if you use the default firewall rules, *all* packets get put through
> > natd, not just lan traffic, but incoming, and loopback traffic as well.
> >
> > I used to have this problem, but when I rewrote my firewall rules to use
> > stateful firewalling, it disappeared.
> >
> > -gordon
> >
> > On Fri, 13 Apr 2001, Thomas T. Veldhouse wrote:
> >
> > > As an addendum -- I get these messages even when there is NO activity on the
> > > LAN -- so natd is not even being used by any client.
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-stable" in the body of the message
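
A check for the rule ordering used in the rc.firewall snippet above, as an added example that is not part of the original message: it reads `ipfw list`-style output and confirms that a deny rule for UDP rwho (port "who", 513) comes before the first divert rule. The function name, the sample rule sets, the interface name ed0 and the assumed line layout (rule number, action, protocol, then the rest) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads rule listings on stdin, one rule per line, assumed layout:
#   <number> <action> <proto-or-arg> ...
# Exit status:
#   0  a "deny udp ... who/513" rule precedes the first divert rule
#   1  the first divert rule is reached with no such deny rule before it
#   2  no divert rule found at all
check_who_before_divert() {
    awk '
        # Stop at the first divert rule; only rules above it matter,
        # because ipfw evaluates rules in ascending number order.
        $2 == "divert" { divert = 1; exit }
        $2 == "deny" && $3 == "udp" {
            for (i = 4; i <= NF; i++)
                if ($i == "who" || $i == "513") deny = 1
        }
        END { if (!divert) exit 2; exit (deny ? 0 : 1) }
    '
}

# Constructed sample listings (not captured from a real host).
GOOD_RULES='00010 deny udp from any 513 to any 513 via ed0
00020 divert 8668 ip from any to any via ed0
65535 deny ip from any to any'

BAD_RULES='00020 divert 8668 ip from any to any via ed0
00030 deny udp from any 513 to any 513 via ed0
65535 deny ip from any to any'

NO_DIVERT_RULES='00010 deny udp from any who to any who via ed0
65535 deny ip from any to any'

# On a live system the listing would come from:  ipfw list | check_who_before_divert
```

A status of 1 means the deny rule is missing or numbered after the divert rule, so it never sees the packets before natd does.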