From owner-freebsd-questions  Sat Jun  9 21:20:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from swan.mail.pas.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123])
	by hub.freebsd.org (Postfix) with ESMTP id CC29A37B405
	for <freebsd-questions@freebsd.org>; Sat,  9 Jun 2001 21:20:09 -0700 (PDT)
	(envelope-from ipthomas_77@yahoo.com)
Received: from scraemondaemon.my.domain (1Cust12.tnt3.buffalo.ny.da.uu.net [63.20.91.12])
	by swan.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id VAA07356
	for <freebsd-questions@freebsd.org>; Sat, 9 Jun 2001 21:20:08 -0700 (PDT)
Received: (from ipt@localhost)
	by scraemondaemon.my.domain (8.9.3/8.9.3) id AAA00394
	for freebsd-questions@freebsd.org; Sun, 10 Jun 2001 00:19:04 -0400 (EDT)
	(envelope-from ipt)
From: "Ian P. Thomas" <ipthomas_77@yahoo.com>
Message-Id: <200106100419.AAA00394@scraemondaemon.my.domain>
Subject: natd failed to write packet back
To: freebsd-questions@freebsd.org
Date: Sun, 10 Jun 2001 00:19:03 -0400 (EDT)
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	I keep getting this message after implementing the firewall
described on freebsd.org for dial-up users with dynamic IP's.

natd failed to write packet back (Permission Denied)

It seems that nat is trying to work before the ppp connection is up.  Is this
correct, and is there any way to have natd wait a few seconds before
starting up at boot time?  Or does the Permission denied part have to do
with the firewall rules.

# set the firewall command
fwcmd="/sbin/ipfw"
# flush rules first
$fwcmd -f flush
# divert all packets to the tun interface
$fwcmd add divert natd all from any to any via tun0
# allow any data from the localhost
$fwcmd add allow ip from any to any via lo0
# allow any connections initiated by this host
$fwcmd add allow tcp from any to any out xmit tun0 setup
# allow established connections to remain open
$fwcmd add allow tcp from any to any via tun0 established
# reset ident packages, don't give out any info
$fwcmd add reset log tcp from any to any 113 in recv tun0
# allow outgoing requests to specific DNS servers
$fwcmd add allow udp from any to 207.217.120.83 53 out xmit tun0
# allow responses to DNS requests
$fwcmd add allow udp from 207.217.120.83 53 to any in recv tun0

	Thanks in advance.

Ian

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message