Date: Sun, 26 Nov 2000 18:11:58 -0800
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: thursday@altavista.net
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: your mail
Message-ID: <20001126181158.M70192@149.211.6.64.reflexcom.com>
In-Reply-To: <00112617561277.08110@weba2.iname.net>; from thursday@altavista.net on Sun, Nov 26, 2000 at 05:56:12PM -0500
References: <00112617561277.08110@weba2.iname.net>

On Sun, Nov 26, 2000 at 05:56:12PM -0500, thursday@altavista.net wrote:
> >[Please wrap your lines at about 70 columns or so for
> >those of us with RFC compliant MUAs. All of your
> >paragraphs are on one line.]
>
> Sorry about that; using iname's webmail client.
>
> >> "Nov 25 13:44:47 saucer natd[147]: failed to write packet back (Permission denied)
> >>
> >> Nov 25 13:44:53 saucer last message repeated 4 times
> >> "
> >>
> >> My questions are: What's up with this? Is this due
> >> to my firewall rules, or something else? I have log
> >> no set in /etc/natd.conf, and I'd rather not see
> >> this message if it's not affecting performance. I
> >> never saw this before on my 3.4 system.
>
> >This is due to a packet that was processed by
> >natd(8) being dropped later in the firewall rules.
> >
> >> If there are some relevant files I can attach to
> >> help troubleshooting, please let me know.
>
> >For the 'failed to write packet back' problem, a copy
> >of both rc.firewall and output of 'ipfw show' are good
> >if you still need help with those.
>
> Well...after poking around a bit, I've determined that
> the 'natd failed to write packet back' messages occur
> whenever there's a hit (from the outside world) on any
> of the websites hosted on this machine.
>
> But, I don't know why natd is seeing these.

The divert(4) is your first rule. Any packet coming in the external
interface goes through natd(8).

> I've attached my rc.firewall (note, the outside IP isn't my real IP)
> and the output of 'ipfw show' (at the bottom of rc.firewall).

Looking at your 'ipfw show' output, I must say I am a bit puzzled. It
looks like everything is falling through the firewall? The only rule
with any matches is your 'DEFAULT_TO_ACCEPT' rule at the end. You got
that from the running system with the 'permission denied' messages?

-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message