From owner-freebsd-questions Sun Nov 26 18:16: 7 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 8363937B479
	for ; Sun, 26 Nov 2000 18:16:03 -0800 (PST)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149])
	by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
	Sun, 26 Nov 2000 18:10:30 -0800
Received: (from cjc@localhost)
	by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eAR2Bxd73162;
	Sun, 26 Nov 2000 18:11:59 -0800 (PST)
	(envelope-from cjc)
Date: Sun, 26 Nov 2000 18:11:58 -0800
From: "Crist J . Clark"
To: thursday@altavista.net
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: your mail
Message-ID: <20001126181158.M70192@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <00112617561277.08110@weba2.iname.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <00112617561277.08110@weba2.iname.net>; from thursday@altavista.net on Sun, Nov 26, 2000 at 05:56:12PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Nov 26, 2000 at 05:56:12PM -0500, thursday@altavista.net wrote:
Content-Description: text, unencoded
> > [Please wrap your lines at about 70 columns or so for
> > those of us with RFC compliant MUAs. All of your
> > paragraphs are on one line.]
>
> Sorry about that; using iname's webmail client.
>
> >> "Nov 25 13:44:47 saucer natd[147]: failed to write
> >> packet back (Permission denied)
> >>
> >> Nov 25 13:44:53 saucer last message repeated 4 times
> >> "
> >>
> >> My questions are: What's up with this? Is this due
> >> to my firewall rules, or something else? I have log
> >> no set in /etc/natd.conf, and I'd rather not see
> >> this message if it's not affecting performance. I
> >> never saw this before on my 3.4 system.
>
> > This is due to a packet that was processed by
> > natd(8) being dropped later in the firewall rules.
>
> >> If there are some relevant files I can attach to
> >> help troubleshooting, please let me know.
>
> > For the 'failed to write packet back' problem, a copy
> > of both rc.firewall and output of 'ipfw show' are good
> > if you still need help with those.
>
> Well...after poking around a bit, I've determined that
> the 'natd failed to write packet back' messages occur
> whenever there's a hit (from the outside world) on any
> of the websites hosted on this machine.
>
> But, I don't know why natd is seeing these.

The divert(4) is your first rule. Any packet coming in the external
interface goes through natd(8).

> I've attached my rc.firewall (note, the outside IP isn't my real IP)
> and the output of 'ipfw show' (at the bottom of rc.firewall).

Looking at your 'ipfw show' output, I must say I am a bit puzzled. It
looks like everything is falling through the firewall? The only rule
with any matches is your 'DEFAULT_TO_ACCEPT' rule at the end. You got
that from the running system with the 'permission denied' messages?
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message