From owner-freebsd-security Thu Jan 27 2:34:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pouet.noc.fr.clara.net (glou.noc.fr.clara.net [212.43.195.29])
	by hub.freebsd.org (Postfix) with ESMTP id EF3BB15202
	for ; Thu, 27 Jan 2000 02:34:37 -0800 (PST)
	(envelope-from sameh@fr.clara.net)
Received: by pouet.noc.fr.clara.net (Postfix, from userid 1000)
	id F28FE184; Thu, 27 Jan 2000 11:33:32 +0100 (CET)
Date: Thu, 27 Jan 2000 11:33:31 +0100
From: Sameh Ghane
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: Riddle me this
Message-ID: <20000127113330.A34644@noc.fr.clara.net>
References: <200001270355.UAA01355@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200001270355.UAA01355@lariat.lariat.org>; from brett@lariat.org on Wed, Jan 26, 2000 at 08:55:50PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Jan 26, 2000 at 08:55:50PM -0700, Brett Glass wrote:

> 00049 deny ip from 224.0.0.0/4 to any via any
> 00050 deny ip from any to 224.0.0.0/4 via any
>
> So far, so good. But a couple of days later, when I checked the logs, I saw:
>
> Jan 26 15:23:49 victim natd[125]: failed to write packet back (No route to host)
>
> Maybe I'm just dense this evening and the cause of the message is obvious, but
> I can't figure out what would have generated this message. The system has a
> static default route to the upstream ISP's router.
>
> Is this a side effect of the rules I added? Or of something else?

No, you would have gotten a "Permission denied" error message.

Try to hack /usr/src/sbin/natd/natd.c, and especially the 'FlushPacketBuffer'
function, to see which IP addresses are implicated.

-- 
Sameh Ghane
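The kind of diagnostic the reply suggests adding, as a stand-alone example added here (not code from natd.c or from either poster): given the raw IPv4 packet that could not be written back and the errno value, it logs the source and destination addresses and separates a firewall deny ("Permission denied") from a routing failure ("No route to host"). All names are hypothetical and the sample packet is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not code from natd.c. */
enum wb_cause { WB_FILTERED, WB_NO_ROUTE, WB_OTHER, WB_BAD_PACKET };

/* Constructed sample: IPv4/UDP header, 192.168.1.10 -> 224.0.0.1. */
static const unsigned char sample_pkt[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x11, 0x00, 0x00, 192, 168, 1, 10, 224, 0, 0, 1
};

/* Build a log line naming the endpoints of a packet whose write-back
 * failed with errno value err, and classify the failure. */
static enum wb_cause describe_failed_write(const unsigned char *pkt, size_t len,
                                           int err, char *out, size_t outlen)
{
    size_t ihl = len ? (size_t)(pkt[0] & 0x0f) * 4 : 0;

    /* Refuse anything that is not a complete IPv4 header. */
    if (len < 20 || (pkt[0] >> 4) != 4 || ihl < 20 || ihl > len) {
        snprintf(out, outlen, "failed to write packet back: "
                 "not a complete IPv4 header (%zu bytes)", len);
        return WB_BAD_PACKET;
    }
    const unsigned char *s = pkt + 12, *d = pkt + 16;
    /* 224.0.0.0/4 is the multicast range the quoted ipfw rules deny. */
    const char *mc = ((d[0] & 0xf0) == 0xe0) ? " [multicast dst]" : "";

    snprintf(out, outlen, "failed to write packet back: %u.%u.%u.%u -> "
             "%u.%u.%u.%u proto %u%s (%s)",
             (unsigned)s[0], (unsigned)s[1], (unsigned)s[2], (unsigned)s[3],
             (unsigned)d[0], (unsigned)d[1], (unsigned)d[2], (unsigned)d[3],
             (unsigned)pkt[9], mc, strerror(err));

    if (err == EACCES)       return WB_FILTERED;  /* "Permission denied" */
    if (err == EHOSTUNREACH) return WB_NO_ROUTE;  /* "No route to host" */
    return WB_OTHER;
}

int main(void)
{
    char line[160];
    describe_failed_write(sample_pkt, sizeof sample_pkt, EHOSTUNREACH,
                          line, sizeof line);
    puts(line);
    return 0;
}
```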