From: Steve Jorgensen
Subject: Re: ipfw & natd config problems (solved)
To: questions@freebsd.org
Cc: philip@adhesivemedia.com, brent@kearneys.ca, cjclark@alum.mit.edu, salas@khoral.com
Date: Fri, 6 Oct 2000 13:50:54 -0600 (MDT)

I think I've finally got my problem solved. In case you didn't
remember, I was getting a lot of the following messages:

    natd[163]: failed to write packet back (Permission denied)

as natd was running on my 4.1.1-RELEASE firewall.

Anyway, my rules are a modified set of the simple firewall rules in
rc.firewall, and the problem is the part of the file where it does the
rules for "Stop RFC1918 nets on the outside interface" AFTER the natd
divert rule. After getting rid of those rules, the error messages
stopped. Of course, that begs the question of why the default
(supposedly working) simple firewall rules have these lines that cause
this error. :)

At any rate, I want to thank Crist, Brent, and Philip for their
suggestions; they helped me narrow down the search to just a few rules.

Steve

-- 
-----------------------------------------------------------
Steven Jorgensen      steve@khoral.com   steve@spukhaus.com
------------------------------+----------------------------
Khoral Research Inc.          | PHONE: (505) 837-6500
6200 Uptown Blvd, Suite 200   | FAX:   (505) 881-3842
Albuquerque, NM 87110         | URL:   http://www.khoral.com/
-----------------------------------------------------------