From owner-freebsd-questions Wed Nov 1 0:27:40 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 98AAA37B479 for ; Wed, 1 Nov 2000 00:27:38 -0800 (PST) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Wed, 1 Nov 2000 00:26:16 -0800 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eA18RaI15754; Wed, 1 Nov 2000 00:27:36 -0800 (PST) (envelope-from cjc) Date: Wed, 1 Nov 2000 00:27:36 -0800 From: "Crist J . Clark" To: Ruslan Ermilov Cc: Kenneth Wayne Culver , freebsd-questions@FreeBSD.ORG Subject: Re: natd errors. Message-ID: <20001101002735.I75251@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <20001101093421.A33449@sunbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20001101093421.A33449@sunbay.com>; from ru@sunbay.com on Wed, Nov 01, 2000 at 09:34:21AM +0200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Nov 01, 2000 at 09:34:21AM +0200, Ruslan Ermilov wrote: > On Tue, Oct 31, 2000 at 04:24:12PM -0500, Kenneth Wayne Culver wrote: > > I just decided to make my firewall rules more strict, so I set my type to > > "simple" in rc.conf... and now I get this error > > Oct 31 16:16:07 culverk natd[139]: failed to write packet back (Permission > > denied) > > > This happens when ipfw blocks packets written back by natd(8). > > > my rules are the same rules as the "simple" specification in rc.firewall. > > > There was a problem with the stock "simple" firewall, which has now been > fixed in 4.1-STABLE (/etc/rc.firewall, rev 1.30.2.5). > > > Could someone tell me how to get rid of this error? > > > Make sure your rc.firewall is rev 1.30.2.5 or higher. Hmmm, I have a 1.30.2.6 file right here and it still looks to me like it does not have a chance of working for your average natd(8) setup. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message