From owner-freebsd-questions Sat Apr 7 1:17:32 2001
Message-Id: <5.0.2.1.2.20010407012235.02502de0@popserver.sfu.ca>
Date: Sat, 07 Apr 2001 01:23:12 -0700
To: Nick Rogness
From: Trevin Chow
Subject: Re: Natd - "failed to write packet back"
Cc: freebsd-questions@FreeBSD.ORG

At 03:49 AM 4/7/2001 -0500, Nick Rogness wrote:

> > 65535 2 390 deny ip from any to any
>   ^^^^^
> Rule 65535 is denying your packets...You are not allowing
> valid traffic...which is why you are getting a "permission
> denied". I would recommend running an allow log rule before it to
> see what valid traffic looks like...then do your filtering after
> you know for sure stuff works.

I'm not sure what you mean. All my rules above it allow for valid traffic. Isn't the last rule applied as a "last resort" if it hasn't matched anything above?