Date: Fri, 4 Aug 2000 00:22:53 +0400
From: "Oleg Y. Ivanov" <oleg_y_ivanov@mailru.com>
To: "Shaun Jurrens" <shaun@shamz.net>
Cc: <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: connections via natd dying in natd
Message-ID: <003c01bffd88$a2df8380$0801a8c0@admin.uzdw-centre.ru>

Hey, I also have this problem =8-(((

In my case this message usually appears when ipfw is used in stateful mode & a rule with the "keep-state" addendum expires. The packet written by natd hits the default (or any other ;) "deny" rule. Is this scenario realistic enough?

>>Shaun Jurrens writes:
>> I have been struggling with this problem for a number of months, actually. I
>> had it using 3-STABLE boxes and now with one 4-STABLE through the 3(.5)-STABLE
>> natd gateway, the same problem occurs. The problem: connections via natd
>> suddenly drop and simultaneously, I get errors on the console for the gateway
>> box that natd has "failed to write the packet back (Permission denied)". This
>> is almost exclusively with ssh connections (mostly because they are the most
>> constant long time connections I have to notice this behavior)
>
>Don't know if this is much help, but..
>
>"failed to write the packet back (Permission denied)" almost definitely
>indicates that the packet being written back hit an 'ipfw deny' packet
>filtering rule. This is the only way that a write to a socket can
>generate an EPERM error.
>
>So I'd start by turning on ipfw logging for all deny rules to see
>which one is being triggered.
>

---------------------------------
Sincerely Yours,
Oleg Y. Ivanov : sysadmin & DBA of UzDaewoo Centre, Moscow

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
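
The logging step suggested in the quoted reply, as an added example that is not part of the original message: a small Python script that pairs each natd "Permission denied" error with the ipfw deny rule logged around the same second. The log line layout, host name `gw`, rule numbers and addresses are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the original post). The layout
# "ipfw: <rule> Deny <proto> <src> <dst> <dir> via <if>" is an assumption.
SAMPLE_LOG = """\
Aug  4 00:10:02 gw /kernel: ipfw: 65535 Deny UDP 10.0.0.9:137 10.0.0.255:137 in via ed0
Aug  4 00:20:41 gw /kernel: ipfw: 65535 Deny TCP 192.0.2.10:22 192.168.1.8:1022 in via ed0
Aug  4 00:20:41 gw natd[142]: failed to write the packet back (Permission denied)
Aug  4 00:31:07 gw /kernel: ipfw: 400 Deny TCP 192.0.2.10:22 192.168.1.8:1022 in via ed0
Aug  4 00:31:08 gw natd[142]: failed to write the packet back (Permission denied)
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<msg>.*)$")
DENY = re.compile(r"ipfw: (?P<rule>\d+) Deny (?P<proto>\S+) "
                  r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)")
NATD = re.compile(r"natd(\[\d+\])?: failed to write (the )?packet back \(Permission denied\)")

def parse(log, year=2000):
    """Split a syslog excerpt into ipfw deny hits and natd EPERM timestamps."""
    denies, failures = [], []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog omits the year; supply one so timestamps can be compared
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        d = DENY.search(m["msg"])
        if d:
            denies.append((ts, d.groupdict()))
        elif NATD.search(m["msg"]):
            failures.append(ts)
    return denies, failures

def correlate(log, window=2):
    """For each natd EPERM, list the deny hits logged within `window` seconds."""
    denies, failures = parse(log)
    span = timedelta(seconds=window)
    report = []
    for f in failures:
        hits = [(d["rule"], d["src"], d["dst"]) for ts, d in denies if abs(ts - f) <= span]
        report.append((f.strftime("%H:%M:%S"), hits))
    return report

if __name__ == "__main__":
    for when, hits in correlate(SAMPLE_LOG):
        print(when, hits or "no deny hit logged (does every deny rule carry 'log'?)")
```

A natd error with no matching deny line usually means the rule that dropped the packet was added without the `log` keyword.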