From owner-freebsd-questions Wed Dec 8 8:34:18 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mofo.theta-chi.net (adsl-63-195-32-82.dsl.snfc21.pacbell.net [63.195.32.82]) by hub.freebsd.org (Postfix) with ESMTP id EE2181556E for ; Wed, 8 Dec 1999 08:34:13 -0800 (PST) (envelope-from leonard@mofo.theta-chi.net)
Received: from localhost (leonard@localhost) by mofo.theta-chi.net (8.9.3/8.9.3) with ESMTP id IAA18341; Wed, 8 Dec 1999 08:36:17 -0800 (PST) (envelope-from leonard@mofo.theta-chi.net)
Date: Wed, 8 Dec 1999 08:36:16 -0800 (PST)
From: Leonard
To: Dan Nelson
Cc: Andrzej Szydlo, questions@FreeBSD.ORG
Subject: Re: NATd: tons of "failed to write packet back" errors
In-Reply-To: <19991208095826.A36378@dan.emsphone.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 8 Dec 1999, Dan Nelson wrote:

As Andrzej suggested, I changed my ruleset a bit to:

    00050    109413    55717767 divert 8668 ip from any to any via rl0
    00100        26        1368 allow ip from any to any via lo0
    00150        20        4740 allow log logamount 100 ip from 63.195.32.82 to 127.0.0.0/8
    00200        44       10428 deny log logamount 100 ip from any to 127.0.0.0/8
    65000  17992518 10913864723 allow ip from any to any
    65535         0           0 deny ip from any to any

Everything is working fine now. Apparently, NetBIOS udp packets were gunking up the works. I'm wondering whether I should block them though, as I don't want the outside world being able to access internal shares and vice versa. The 63.195.32.82 address is to the outside world. 10.0.0.0/8 is used internally.

Leonard

    Dec 8 08:11:54 mofo /kernel: ipfw: 150 Accept UDP 63.195.32.82:138 127.255.255.255:138 out via rl0

> In the last episode (Dec 08), Leonard said:
> > Yup, all of the rules look fine to me. Here's the output of ipfw show:
> >
> > 00100   9069619  5504822826 divert 8668 ip from any to any via rl0
> > 00100      4084    12861636 allow ip from any to any via lo0
> > 00200      2537      595981 deny ip from any to 127.0.0.0/8
> > 65000  17778873 10800924338 allow ip from any to any
> > 65535         0           0 deny ip from any to any
>
> Try changing rule 200 to 'deny log ip from any to 127.0.0.0/8' and see
> exactly what packets are tripping that rule.
>
> --
> Dan Nelson
> dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
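As an added example (not code from Leonard's or Dan's mail), the following Python script does what Dan's "deny log" suggestion makes possible: it parses the ipfw syslog lines that the "log" keyword produces, counts hits per rule number, and flags the two things this thread turned on, NetBIOS traffic (UDP/TCP 137, 138, 139) and packets addressed to 127.0.0.0/8 that are seen on a non-loopback interface such as rl0. The first sample line is the one quoted above; the other lines and the host/interface names are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log. The first line is the one quoted in the thread; the
# remaining lines are made up to show a denied NetBIOS broadcast, a denied
# inbound session attempt, and a denied packet that is not NetBIOS at all.
SAMPLE_LOG = """\
Dec 8 08:11:54 mofo /kernel: ipfw: 150 Accept UDP 63.195.32.82:138 127.255.255.255:138 out via rl0
Dec 8 08:12:01 mofo /kernel: ipfw: 200 Deny UDP 10.0.0.5:137 127.255.255.255:137 out via rl0
Dec 8 08:12:03 mofo /kernel: ipfw: 200 Deny TCP 192.0.2.7:4321 127.0.0.1:139 in via rl0
Dec 8 08:12:09 mofo /kernel: ipfw: 200 Deny TCP 192.0.2.7:4322 127.0.0.1:80 in via rl0
"""

# Shape of an ipfw log line: "ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>"
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\w+)"
)

# Well-known NetBIOS-over-TCP/IP ports (name service, datagram service, session service).
NETBIOS_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}


def parse_line(line):
    """Return a dict of the ipfw log fields, or None if the line is not an ipfw log line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def classify(rec):
    """Tags describing why a defender would look twice at this packet."""
    tags = []
    if rec["dport"] in NETBIOS_PORTS or rec["sport"] in NETBIOS_PORTS:
        tags.append("netbios")
    # Anything destined for 127/8 should only ever travel over lo0; on rl0 it is
    # either a misconfigured host or something the divert/NAT path mangled.
    if ipaddress.ip_address(rec["dst"]).is_loopback and rec["iface"] != "lo0":
        tags.append("loopback-dst-on-non-lo")
    return tags


def summarize(log_text):
    """Count hits per rule and collect flagged packets as (rule, action, proto, dst, dport, tags)."""
    hits_per_rule = Counter()
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits_per_rule[rec["rule"]] += 1
        tags = classify(rec)
        if tags:
            findings.append((rec["rule"], rec["action"], rec["proto"], rec["dst"], rec["dport"], tags))
    return hits_per_rule, findings


if __name__ == "__main__":
    per_rule, flagged = summarize(SAMPLE_LOG)
    for rule, count in sorted(per_rule.items()):
        print(f"rule {rule:05d}: {count} logged packet(s)")
    for rule, action, proto, dst, dport, tags in flagged:
        print(f"rule {rule:05d} {action} {proto} -> {dst}:{dport}  [{', '.join(tags)}]")
```

Run against a real /var/log/messages (or whatever syslog.conf sends kern.* to), the per-rule counts tell you which deny rule is doing the work, and the tags tell you whether the blocked traffic is the NetBIOS chatter Leonard found or something else worth a closer look.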