From: "Ian P. Thomas"
Subject: natd failed to write packet back
To: freebsd-questions@freebsd.org
Date: Sun, 10 Jun 2001 00:19:03 -0400 (EDT)

I keep getting this message after implementing the firewall described on freebsd.org for dial-up users with dynamic IPs.

    natd failed to write packet back (Permission Denied)

It seems that nat is trying to work before the ppp connection is up. Is this correct, and is there any way to have natd wait a few seconds before starting up at boot time? Or does the Permission denied part have to do with the firewall rules?

    # set the firewall command
    fwcmd="/sbin/ipfw"

    # flush rules first
    $fwcmd -f flush

    # divert all packets to the tun interface
    $fwcmd add divert natd all from any to any via tun0

    # allow any data from the localhost
    $fwcmd add allow ip from any to any via lo0

    # allow any connections initiated by this host
    $fwcmd add allow tcp from any to any out xmit tun0 setup

    # allow established connections to remain open
    $fwcmd add allow tcp from any to any via tun0 established

    # reset ident packages, don't give out any info
    $fwcmd add reset log tcp from any to any 113 in recv tun0

    # allow outgoing requests to specific DNS servers
    $fwcmd add allow udp from any to 207.217.120.83 53 out xmit tun0

    # allow responses to DNS requests
    $fwcmd add allow udp from 207.217.120.83 53 to any in recv tun0

Thanks in advance.

Ian
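
Added example, not part of the original post: a simplified first-match model of the rules posted above, run over constructed packets to show which ones no rule accepts. It assumes ipfw's final rule is a default deny (a kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT) and that a packet reinjected by natd continues at the rule after the divert, so a packet denied there is what natd logs as "failed to write packet back (Permission denied)". The packet fields and helper names are hypothetical.

```python
# Simplified first-match model of the posted ipfw rules (added example).
DNS = "207.217.120.83"  # resolver address taken from the posted rules

def tcp_setup(p):        # ipfw "setup": SYN set, ACK clear
    return p["proto"] == "tcp" and "S" in p["flags"] and "A" not in p["flags"]

def tcp_established(p):  # ipfw "established": RST or ACK set
    return p["proto"] == "tcp" and bool({"R", "A"} & set(p["flags"]))

def on_tun0(p, direction, proto):
    return p["iface"] == "tun0" and p["dir"] == direction and p["proto"] == proto

# (action, predicate) in script order. The divert rule is left out: natd
# reinjects the packet and matching resumes at the rule after it.
RULES = [
    ("allow", lambda p: p["iface"] == "lo0"),
    ("allow", lambda p: on_tun0(p, "out", "tcp") and tcp_setup(p)),
    ("allow", lambda p: p["iface"] == "tun0" and tcp_established(p)),
    ("reset", lambda p: on_tun0(p, "in", "tcp") and p["dport"] == 113),
    ("allow", lambda p: on_tun0(p, "out", "udp") and (p["dst"], p["dport"]) == (DNS, 53)),
    ("allow", lambda p: on_tun0(p, "in", "udp") and (p["src"], p["sport"]) == (DNS, 53)),
]

def verdict(pkt):
    """Action of the first matching rule, else the assumed default deny."""
    p = {"src": "", "dst": "", "sport": 0, "dport": 0, "flags": "", **pkt}
    for action, match in RULES:
        if match(p):
            return action
    return "deny"

# Constructed sample packets (not captured traffic); 192.0.2.53 is a
# documentation address standing in for any resolver not in the rules.
SAMPLES = {
    "tcp syn out": dict(iface="tun0", dir="out", proto="tcp", flags="S", dport=80),
    "tcp ack in": dict(iface="tun0", dir="in", proto="tcp", flags="A", sport=80),
    "ident syn in": dict(iface="tun0", dir="in", proto="tcp", flags="S", dport=113),
    "dns to listed server": dict(iface="tun0", dir="out", proto="udp", dst=DNS, dport=53),
    "dns to other server": dict(iface="tun0", dir="out", proto="udp", dst="192.0.2.53", dport=53),
    "icmp echo out": dict(iface="tun0", dir="out", proto="icmp"),
}

def denied_after_natd():
    """Sample packets that no rule accepts once natd hands them back."""
    return sorted(n for n, p in SAMPLES.items() if verdict(p) == "deny")

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} {verdict(pkt)}")
```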