From owner-freebsd-questions Wed Oct 3 6:24:40 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pioneernet.net (mail.pioneernet.net [207.115.64.224])
    by hub.freebsd.org (Postfix) with ESMTP id 2BD8B37B408
    for ; Wed, 3 Oct 2001 06:24:32 -0700 (PDT)
Received: from chip.wiegand.org [66.114.152.128] by pioneernet.net
    (SMTPD32-6.06) id A1958C9E00CE; Wed, 03 Oct 2001 06:24:37 -0700
Content-Type: text/plain; charset="iso-8859-1"
From: Chip
To: cjclark@alum.mit.edu, "Crist J. Clark"
Subject: Re: natd permission denied at bootup
Date: Wed, 3 Oct 2001 06:27:07 -0700
X-Mailer: KMail [version 1.2]
Cc: freebsd-questions@FreeBSD.ORG
References: <0110022222480G.96094@chip.wiegand.org> <20011003012926.L310@blossom.cjclark.org>
In-Reply-To: <20011003012926.L310@blossom.cjclark.org>
MIME-Version: 1.0
Message-Id: <0110030627070H.96094@chip.wiegand.org>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wednesday 03 October 2001 01:29, Crist J. Clark wrote:
> On Tue, Oct 02, 2001 at 10:22:48PM -0700, Chip wrote:
>
> [snip]
>
> > natd: failed to write packet back (permission denied)
> > routed: send bcast sendto(xl0): permission denied
> > starting final network daemons: firewall, routed: sendto(dc0): permission
> > denied.
>
> This sure looks like your firewall not passing packets. And we can fix
> the routed(8) problem easily. You don't need it, turn it off.

I disabled that line, but am still getting the message:
natd: failed to write packet: no route to host

> > Any ideas what's going on here? I have verified all the files with the
> > existing firewall box and it's been working fine for a couple years.
>
> Have you done a,
>
> # ipfw show

Yes, the rules are loaded, in fact they show on the boot messages.

> Once the box is up and running to make sure the firewall rules,
>
> > I have also replaced rc.firewall with a different one that has only -
> > /sbin/ipfw -f flush
> > /sbin/ipfw add divert natd all from any to any via dc0
> > /sbin/ipfw add pass all from any to any
> > And I get the same error messages.
>
> Are really there?

Yep:
divert 8668 ip from any to any via dc0
allow ip from any to any via lo0
deny ip from any to any 127.0.0.0/0
deny ip from 127.0.0.0/0 to any
allow ip from any to any
deny ip from any to any

> > It appears to be a route problem, but netstat does show a default route
> > (see below).
> >
> > I am at a total loss for a solution here.
>
> [snip]
>
> > # -- sysinstall generated deltas -- # Tue Sep 25 22:38:43 2001
> > # Created: Tue Sep 25 22:38:43 2001
> > # Enable network daemons for user convenience.
> > # Please make all changes to this file, not to /etc/defaults/rc.conf.
> > # This file now contains just the overrides from /etc/defaults/rc.conf.
> > network_interfaces="xl0 dc0 lo0"
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="open"
> > gateway_enable="YES"
> > natd_interface="dc0"
> > natd_enable="YES"
> > natd_flags="-f /etc/natd.conf"
> > router_enable="YES"
>
> Drop this.

I did.

> > defaultrouter="66.114.152.1"
> > hostname="firewall.wiegand.org"
> > ifconfig_xl0="inet 192.168.1.10 netmask 255.255.255.0"
> > ifconfig_dc0="inet 66.114.152.128 netmask 255.255.248.0"
> > moused_enable="YES"
> > moused_port="/dev/cuaa1"
> > moused_type="mouseman"
> > sendmail_enable="NO"
> > sshd_enable="YES"
>
> Again, doublecheck the firewall rules are actually being loaded. If
> they are, something really strange is going on.

Agreed

I am also getting the following message:
firewall /kernel: arp: 66.114.152.128 is on lo0 but got reply from xl0
yet ifconfig -a confirms that dc0 is 66.114.152.128 and xl0 is 192.168.1.10

--
Chip W.
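Added example (not part of the original message and not ipfw's own code): a simplified first-match walk over the rule list exactly as pasted in the reply above, to show which rule a given packet reaches first. It models only source/destination prefixes and `via`, treats `divert` as continuing at the following rule, and the sample packet and the /8 comparison list are assumptions made for illustration.

```python
import ipaddress

# Rule list as pasted in the message (ipfw rule numbers were not shown).
PASTED = [
    "divert 8668 ip from any to any via dc0",
    "allow ip from any to any via lo0",
    "deny ip from any to any 127.0.0.0/0",
    "deny ip from 127.0.0.0/0 to any",
    "allow ip from any to any",
    "deny ip from any to any",
]
# Assumption for comparison: the loopback rules written with a /8 prefix.
LOOPBACK_8 = [r.replace("127.0.0.0/0", "127.0.0.0/8") for r in PASTED]


def net(spec):
    """'any' or addr/bits -> network; strict=False masks off host bits."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec, strict=False)


def parse(rule):
    """Return (action, src_net, dst_net, iface_or_None) for one listed rule."""
    tok = rule.split()
    iface = tok[tok.index("via") + 1] if "via" in tok else None
    end = tok.index("via") if "via" in tok else len(tok)
    src = tok[tok.index("from") + 1]
    dst = tok[end - 1]  # last destination token; tolerates "to any 127.0.0.0/0"
    return tok[0], net(src), net(dst), iface


def first_match(rules, src, dst, iface):
    """Walk rules in order; return (position, action) of the first terminal match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pos, rule in enumerate(rules, 1):
        action, s, d, via = parse(rule)
        if via is not None and via != iface:
            continue
        if src in s and dst in d:
            if action == "divert":
                continue  # model: natd reinjects the packet at the following rule
            return pos, action
    return None


if __name__ == "__main__":
    # Constructed packet: a LAN host sending to the default router, seen on xl0.
    for name, rules in (("pasted", PASTED), ("/8", LOOPBACK_8)):
        print(name, first_match(rules, "192.168.1.20", "66.114.152.1", "xl0"))
```

With the list as pasted, a /0 mask matches every address, so the walk stops at the third line; with /8 the same packet reaches the `allow ip from any to any` line.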