Date: Fri, 26 Feb 1999 10:09:35 UTC-0800 From: Mark McCutcheon <mjmccut@cs.ubc.ca> To: freebsd-net@FreeBSD.ORG Subject: Re: natd: failed to write packet back Message-ID: <"15018*mjmccut@cs.ubc.ca"@MHS> In-Reply-To: <Pine.BSF.4.05.9902260154370.64773-100000@leaf.lumiere.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jesse <j@lumiere.net> wrote: > I have a box doing natd between two ethernet interfaces (one with public > IPs, one with reserved IPs). It works great for the most part, however I > get lots of the following messages in the logfiles intermittantly. > > Feb 26 01:09:09 mail natd: failed to write packet back (Host is down) > Feb 26 01:09:26 mail last message repeated 13 times > > Any idea what's going on? Is this just a mild warning, or is something > serious happening? If it's just a mild warning, is there a way of turning > this off? (short of editing the source code) Are you connected to a network on the public address side which uses RFC1918 private addresses for some of its routers, etc.? My home network is connected to Rogers@Home's cable net, which makes extensive use of such addresses. If your /etc/rc.natd contains only the restriction: unregistered_only yes my understanding is that natd will look at packets on your outside interface, sourced from machines using these unregistered addresses, and, quite rightly fail to "write them back" since they didn't come from inside in the first place. I don't know whether you can eliminate this problem using the redirect_address specification in /etc/rc.natd (you might try) - in my case, since I'm using packet filtering beyond divert anyhow, the easiest solution was to make sure that the rule for denying private addresses on the outside interface comes before the divert rule. Above FWIW - I haven't looked at the NAT code, these observations are the result of experimentation. Regards, Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?"15018*mjmccut>