Date: Sat, 2 Sep 2000 13:00:34 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Caleb Walker <caleb.walker@home.com>
Cc: questions@FreeBSD.ORG
Subject: Re: natd
Message-ID: <20000902130034.Q62475@149.211.6.64.reflexcom.com>
In-Reply-To: <00090200000200.00313@butthead.walker>; from caleb.walker@home.com on Fri, Sep 01, 2000 at 11:57:57PM -0700
References: <00090122021204.00263@butthead.walker> <20000901235330.P62475@149.211.6.64.reflexcom.com> <00090200000200.00313@butthead.walker>

On Fri, Sep 01, 2000 at 11:57:57PM -0700, Caleb Walker wrote:
> On Fri, 01 Sep 2000, Crist J . Clark wrote:
> > On Fri, Sep 01, 2000 at 10:00:17PM -0700, Caleb Walker wrote:
> > >
> > > I am getting a message on my console all the time since I enabled my
> > > firewall. It says a billion times over:
> > > natd[158]: failed to write packet back (permission denied) and that
> > > is it. I don't know what it is. Does anyone else know?
> >
> > It usually means that a packet that natd(8) processed is getting
> > blocked by the firewall when it is being sent out.
>
> Well I figured that much especially since this always starts to happen
> when I enable the firewall. But why and what? I don't get any hint as
> to what is being blocked. I do have logging enabled in the kernel as
> well. In my rc.conf file I have firewall=simple.

If you are using the generic SIMPLE firewall, there are a lot of rules
in there that drop packets without logging. My guess is that you are
translating RFC1918 addresses? Have a look at the rc.firewall script
again and read the comments about that situation.

Note that the rc.firewall script is not really intended to be used
as-is off the shelf. Every site has its own policy. For example, are
you running WWW, SMTP, NTP, _and_ DNS on your firewall? But those are
all enabled _as examples_ in the stock one.
-- 
Crist J. Clark                           cjclark@alum.mit.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
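
The situation described in the reply above, as an added example that is not part of the original thread or of rc.firewall: a small first-match model of an ipfw ruleset that shows which rule rejects a packet natd writes back and whether that rule logs. The ruleset, rule numbers, interface name `ed0` and addresses are constructed, and the parser covers only the simplified rule form used here.

```python
import ipaddress

# Constructed ruleset in simplified ipfw syntax; rule numbers, the outside
# interface ed0 and all addresses are made up for this example.
RULES = """\
00100 divert natd all from any to any via ed0
00200 deny all from any to 10.0.0.0/8 via ed0
00300 deny all from any to 172.16.0.0/12 via ed0
00400 deny all from any to 192.168.0.0/16 via ed0
00500 allow all from any to any via ed0
65535 deny log all from any to any
"""

def parse(text):
    """Parse 'NUM ACTION [arg] [log] PROTO from SRC to DST [via IF]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        frm, to = tok.index("from"), tok.index("to")
        rules.append({
            "num": int(tok[0]), "action": tok[1],
            "log": "log" in tok[2:frm],
            "src": tok[frm + 1], "dst": tok[to + 1],
            "via": tok[tok.index("via") + 1] if "via" in tok else None,
        })
    return rules

def addr_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def after_natd(rules, src, dst, iface):
    """First matching rule for a packet natd writes back; evaluation is
    modelled as resuming at the rule after the divert rule."""
    divert = next(r["num"] for r in rules if r["action"] == "divert")
    for r in rules:
        if r["num"] > divert and r["via"] in (None, iface) \
                and addr_match(r["src"], src) and addr_match(r["dst"], dst):
            return r
    return None

if __name__ == "__main__":
    rules = parse(RULES)
    # Inbound reply after natd rewrote the destination to an inside host.
    hit = after_natd(rules, "198.51.100.7", "192.168.1.10", "ed0")
    print(hit["num"], hit["action"], "logged" if hit["log"] else "not logged")
```

In this model the translated inbound packet is rejected by rule 400, which carries no `log` keyword, so natd reports the failed write while the firewall log stays silent.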