Date: Thu, 22 Feb 2001 01:09:43 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Kathy Quinlan <katinka@magestower.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Natd errors
Message-ID: <20010222010943.E89396@rfx-216-196-73-168.users.reflex>
In-Reply-To: <00f901c09c73$7e036e20$fe00a8c0@kat.lan>; from katinka@magestower.com on Thu, Feb 22, 2001 at 09:59:02AM +0800
References: <00f901c09c73$7e036e20$fe00a8c0@kat.lan>

On Thu, Feb 22, 2001 at 09:59:02AM +0800, Kathy Quinlan wrote:
> Hi all,
>
> I have an error coming up on my server, it has only started occurring since
> I put natd up (funny that)

Well, it would really have been something if you had been getting
errors from natd(8) when you were not running it.

> The error is as follows:
> Feb 22 10:00:05 serverbsd natd[104]: failed to write packet back (Permission
> denied)
> Feb 22 10:00:36 serverbsd last message repeated 3 times
>
> and at random intervals, I get up to 40 of these at once.
>
> Any ideas if any further info is needed I can supply :o)

These messages are produced when a translated packet is dropped later
in the firewall rules after being processed by natd(8). It is,
generally speaking, Not A Good Thing (but not a terribly Bad Thing
either). It most often implies that you are either denying replies
that were added to the NAT table on the way out or that you are doing
some type of redirect and doing the filter after natd.

In the first case, you are allowing traffic out, but not letting in
the replies back. You probably should be blocking the outgoing traffic
in the first place. In the second case, you are better off filtering
all you can before natd for both security and performance reasons.

-- 
Crist J. Clark
cjclark@alum.mit.edu
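
The rule-ordering effect described in the reply above, as an added example that is not part of the original message: a simplified Python model of ipfw traversal around a divert rule, comparing a deny placed after natd with the same filtering done before it. The rule numbers, port 6667 and the two packets are constructed assumptions, and address translation is left out of the model.

```python
# Added example: simplified model of ipfw rule traversal around a divert rule.
# Rule numbers, port 6667 and the packets are constructed for illustration.
NATD_ERR = "natd: failed to write packet back (Permission denied)"

def traverse(rules, pkt, log, start=0):
    """Walk rules numbered above `start`; return 'accept' or 'drop'."""
    for num, action, match in rules:
        if num <= start or not match(pkt):
            continue
        if action == "allow":
            return "accept"
        if action == "deny":
            return "drop"
        # divert: natd handles the packet and writes it back to the divert
        # socket, and the kernel resumes at the next rule. A deny there makes
        # the write fail with EACCES, which natd logs. (Address rewriting is
        # omitted; only the verdict after re-injection matters here.)
        verdict = traverse(rules, pkt, log, start=num)
        if verdict == "drop":
            log.append(NATD_ERR)
        return verdict
    return "drop"  # nothing matched: treat as default deny

def to_svc(p):    # outbound request to the unwanted service
    return p["dir"] == "out" and p["dport"] == 6667
def from_svc(p):  # inbound reply from that service
    return p["dir"] == "in" and p["sport"] == 6667
def anything(p):
    return True

# Traffic is let out, but its replies are denied after natd.
FILTER_AFTER = [(100, "divert", anything), (200, "deny", from_svc),
                (300, "allow", anything)]
# Both directions are filtered before the divert rule.
FILTER_BEFORE = [(50, "deny", to_svc), (60, "deny", from_svc),
                 (100, "divert", anything), (300, "allow", anything)]

PACKETS = [{"dir": "out", "sport": 40000, "dport": 6667},   # constructed
           {"dir": "in", "sport": 6667, "dport": 40000}]

def run(rules, packets=PACKETS):
    """Return (verdict per packet, natd log lines) for a ruleset."""
    log = []
    return [traverse(rules, p, log) for p in packets], log

if __name__ == "__main__":
    for name, rules in (("after", FILTER_AFTER), ("before", FILTER_BEFORE)):
        print(name, run(rules))
```

With the deny after the divert rule the reply is dropped and natd logs the error; with the filtering moved ahead of the divert rule both packets are dropped without natd ever handling them, so nothing is logged.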