Date: Mon, 29 May 2000 16:53:47 -0600 (MDT) From: Allen Campbell <allenc@campbell.cwx.net> To: freebsd-questions@freebsd.org Subject: natd: failed to write packet back: Permission denied Message-ID: <200005292253.QAA22609@campbell.cwx.net>
next in thread | raw e-mail | index | archive | help
Natd is reporting: natd: failed to write packet back: Permission denied I have traced this to an interaction between Samba and natd. Samba appears to be broadcasting to the lo0 interface. I have configured smb.conf with `bind interfaces only = true' to the internal Ethernet interface and the loopback interface to prevent broadcasts to the ISP subnet. It doesn't surprise me to see Samba performing broadcasts on the configured interfaces. I want Samba on lo0 for the password change facility. I have found that natd is translating Samba broadcasts to the loopback interface into packets with the source address of the divert socket interface. Output from natd -v is shown here (216.17.176.12 is the external interface IP address): Out [UDP] [UDP] 127.0.0.1:137 -> 127.255.255.255:137 aliased to [UDP] 216.17.176.12:137 -> 127.255.255.255:137 natd: failed to write packet back: Permission denied My ipfw setup, based largely on /etc/rc.firewall, stops such packets. The relevant parts of the ipfw configuration is shown here: (dc0 = external interface) 00100 divert 8668 ip from any to any via dc0 00200 allow ip from any to any via lo0 00300 deny ip from any to 127.0.0.0/8 [ ... ] My question is; Why is natd interfering with the lo0 broadcast packets? The divert socket is specific to the external interface (dc0) and the lo0 broadcast packets are clearly from and to the loopback interface. I'm not an IP guru so I don't fully understand the implications of broadcasting to the loopback interface. Perhaps this is normal behavior for natd. What approach should I take? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005292253.QAA22609>