Date:      Sun, 26 Nov 2000 18:11:58 -0800
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        thursday@altavista.net
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: your mail
Message-ID:  <20001126181158.M70192@149.211.6.64.reflexcom.com>
In-Reply-To: <00112617561277.08110@weba2.iname.net>; from thursday@altavista.net on Sun, Nov 26, 2000 at 05:56:12PM -0500
References:  <00112617561277.08110@weba2.iname.net>

On Sun, Nov 26, 2000 at 05:56:12PM -0500, thursday@altavista.net wrote:
> >[Please wrap your lines at about 70 columns or so for 
> >those of us with RFC compliant MUAs. All of your 
> >paragraphs are on one line.]
> 
> Sorry about that; using iname's webmail client.
> 
> >> "Nov 25 13:44:47 saucer natd[147]: failed to write
> >> packet back (Permission denied)
> >> 
> >> Nov 25 13:44:53 saucer last message repeated 4 times
> >> "
> >> 
> >> My questions are: What's up with this? Is this due
> >> to my firewall rules, or something else? I have log 
> >> no set in /etc/natd.conf, and I'd rather not see
> >> this message if it's not affecting performance. I 
> >> never saw this before on my 3.4 system.
> 
> > This is due to a packet that was processed by natd(8) being
> > dropped later in the firewall rules.
> 
> >> If there are some relevant files I can attach to 
> >> help troubleshooting, please let me know.
> 
> > For the 'failed to write packet back' problem, a copy of both
> > rc.firewall and output of 'ipfw show' are good if you still need
> > help with those.
> 
> Well...after poking around a bit, I've determined that 
> the 'natd failed to write packet back' messages occur
> whenever there's a hit (from the outside world) on any 
> of the websites hosted on this machine.
> 
> But, I don't know why natd is seeing these. 

The divert(4) is your first rule. Any packet coming in the external
interface goes through natd(8).

> I've attached my rc.firewall (note, the outside IP isn't my real IP)
> and the output of 'ipfw show' (at the bottom of rc.firewall).

Looking at your 'ipfw show' output, I must say I am a bit puzzled. It
looks like everything is falling through the firewall? The only rule
with any matches is your 'DEFAULT_TO_ACCEPT' rule at the end. You got
that from the running system with the 'permission denied' messages?
-- 
Crist J. Clark                           cjclark@alum.mit.edu
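
Added example (not part of the original message, and not the poster's
ruleset): a small sh/awk filter for 'ipfw show' output that lists the
deny-type rules sitting after the divert rule with non-zero packet
counters, which are the candidates for dropping packets natd(8) writes
back, and flags a divert rule whose own counter is zero. The sample
ruleset, the interface name ed0 and the function name are constructed
for illustration.

```shell
#!/bin/sh
# Constructed sample of 'ipfw show' output (NOT the poster's rules).
# Columns: rule number, packet count, byte count, rule body.
SAMPLE_SHOW='00100 5120 412300 divert 8668 ip from any to any via ed0
00200  310  24800 allow ip from any to any via lo0
00300   57   3420 deny tcp from any to any 80 in via ed0
00400    0      0 deny ip from 10.0.0.0/8 to any in via ed0
65535 4700 380100 allow ip from any to any'

# post_divert_drops (hypothetical helper name): reads 'ipfw show'
# output on stdin.
#  - "divert-idle <rule>": the first divert rule has matched no
#    packets, so the counters cannot explain natd errors (they were
#    zeroed, or were not taken from the system logging the errors).
#  - "drop <rule> <packets> <action>": a deny-type rule after the
#    divert rule that has matched packets. A packet natd re-injects
#    resumes at the rule following the divert; if one of these rules
#    matches it, natd's write fails with "Permission denied".
# Hits are candidates only: packets that never matched the divert
# rule are counted by the same rules.
post_divert_drops() {
    awk '
        $4 == "divert" && !seen {
            seen = 1
            if ($2 + 0 == 0) print "divert-idle", $1
            next
        }
        seen && ($2 + 0) > 0 && $4 ~ /^(deny|reject|reset|unreach)$/ {
            print "drop", $1, $2, $4
        }
    '
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_SHOW" | post_divert_drops
```

On a live system the same function would be fed with
'ipfw show | post_divert_drops'.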

