From: OliNether
To: FreeBSD Questions
Date: Sun, 26 Aug 2001 13:35:09 +0200
Subject: natd[175]: failed to write packet back (Permission denied)
Message-ID: <20010826133509.A1321@blacktrap.net>

Hi,

I'm sure this is a stupid question, but I can't figure out what's going on here.

I have a VPN set up with an ssh tunnel over ppp, directed to a couple of FreeBSD boxen at work etc. A couple of weeks ago I started to get many of the following messages in the system log, every couple of seconds or so:

    natd[175]: failed to write packet back (Permission denied)
    sshd[312]: fatal: Write failed: Permission denied

So I checked /var/log/security and noticed that this rule was blocking the packets:

    # Stop RFC1918 nets on the outside interface
    add deny log all from any to 192.168.0.0/16 via EXTERN_IFACE

(where EXTERN_IFACE is my external NIC, ed0)

Here is an example of what was in /var/log/security:

    /kernel: ipfw: 1400 Deny TCP xxx.xx.218.22:1602 192.168.66.8:80 out via ed0

And many of the same kind of lines with different ports and different source IPs and VPN destination IPs.
This doesn't look suspicious, since xxx.xx.218.22, for example, is the IP of one of the computers I am connected to through the VPN, and 192.168.66 is the subnetwork for the VPN IPs. So it looks like a computer from the VPN is trying to reach another one through the VPN, but it is weird that this goes through ed0, since the VPN interfaces are tun0 etc.

Then I changed the rule in the firewall to

    add deny log all from any to 192.168.0.0/16 in via EXTERN_IFACE

to avoid those annoying messages, but I'm not sure this is safe to do? And what could cause the packets to go through ed0 instead of the relevant tun?

There are other rules earlier in the firewall to allow normal VPN packets to pass:

    add allow all from 192.168.0.0/16 to 192.168.0.0/16 via tun0
    ... and the same for the other tuns

Here is an example of how my ppp.conf looks for the different hosts I am connected to:

    yavin:
     # my end: 66.1, yavin end: 66.2
     set ifaddr 192.168.66.1 192.168.66.2 255.255.255.255
     # routing
     add 192.168.4.0/24 HISADDR
     set timeout 0

And the corresponding ppp.conf on yavin, for example.
(ghost is my computer, which could be seen as acting like a HUB box for the different VPN comps)

    ghost:
     set device "!ssh -i /etc/ppp/ppp.key xxx.xxx.20.230"
     set ifaddr 192.168.66.4 192.168.66.3 255.255.255.255
     add 192.168.1.0/24 HISADDR
     set dial
     set timeout 0

And the relevant output of 'netstat -rn' on my computer:

    root@ghost:/etc# netstat -rn
    Routing tables

    Internet:
    Destination        Gateway            Flags     Refs     Use  Netif Expire
    default            xxx.xxx.20.1       UGSc       14      120    ed0
    127.0.0.1          127.0.0.1          UH          4     1301    lo0
    xxx.xxx.20/24      link#1             UC          0        0    ed0 =>
    192.168.0.128/25   192.168.66.12      UGSc        0      320   tun3
    192.168.1          link#2             UC          0        0    dc0 =>
    192.168.2          192.168.66.4       UGSc        0        2   tun0
    192.168.4          192.168.66.2       UGSc        0        3   tun1
    192.168.66.1       lo0                UHS         0        0    lo0
    192.168.66.2       192.168.66.1       UH          1       92   tun1
    192.168.66.3       lo0                UHS         0        0    lo0
    192.168.66.4       192.168.66.3       UH          1      197   tun0
    192.168.66.7       lo0                UHS         0        0    lo0
    192.168.66.8       192.168.66.7       UH          1     1371   tun2
    192.168.66.11      lo0                UHS         0        0    lo0
    192.168.66.12      192.168.66.11      UH          1      325   tun3

Other than those messages, the VPN is working perfectly fine, but I hate having error messages I don't understand accumulating in the logs. I'll be glad to provide more info if needed, but the rest of the config is what you would expect it to be, I think. (whatever that could mean :P )

Thank you in advance for your help :)

--
OliNether
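An added example, not part of the post or of FreeBSD: a small script that replays the post's routing table with a longest-prefix lookup and checks which of the two ipfw rule variants (plain `via`, matching both directions, versus `in via`) would match the logged packet. The public addresses are kept as the post's xxx placeholders, the default route is modelled as 0.0.0.0/0 on ed0, and the rule/packet dictionaries are constructed here.

```python
import ipaddress

# Routing table from the post's netstat -rn output: (destination prefix, Netif).
# Constructed for this example; public entries replaced by the default route.
ROUTES = [
    ("0.0.0.0/0", "ed0"),           # default -> external NIC
    ("127.0.0.1/32", "lo0"),
    ("192.168.0.128/25", "tun3"),
    ("192.168.1.0/24", "dc0"),
    ("192.168.2.0/24", "tun0"),
    ("192.168.4.0/24", "tun1"),
    ("192.168.66.1/32", "lo0"),  ("192.168.66.2/32", "tun1"),
    ("192.168.66.3/32", "lo0"),  ("192.168.66.4/32", "tun0"),
    ("192.168.66.7/32", "lo0"),  ("192.168.66.8/32", "tun2"),
    ("192.168.66.11/32", "lo0"), ("192.168.66.12/32", "tun3"),
]


def route_interface(dst):
    """Longest-prefix match over ROUTES, as the kernel forwarding table does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, netif in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, netif)
    return best[1]


# The two rule variants from the post. direction=None models a bare 'via',
# which ipfw applies to packets in both directions on that interface.
ORIGINAL_RULE = {"direction": None, "dst": "192.168.0.0/16", "iface": "ed0"}
CHANGED_RULE = {"direction": "in", "dst": "192.168.0.0/16", "iface": "ed0"}


def rule_matches(rule, packet):
    """True if a 'deny ... to DST [in|out] via IFACE' rule matches the packet."""
    if rule["direction"] is not None and rule["direction"] != packet["direction"]:
        return False
    if packet["iface"] != rule["iface"]:
        return False
    return ipaddress.ip_address(packet["dst"]) in ipaddress.ip_network(rule["dst"])


# The packet logged in /var/log/security, as written in the post.
LOGGED = {"src": "xxx.xx.218.22", "dst": "192.168.66.8",
          "direction": "out", "iface": "ed0"}
```

Note that a 192.168.66.x address without a host route in the table (for example 192.168.66.50) falls through to the default route on ed0, while 192.168.66.8 resolves to tun2.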