From owner-freebsd-questions Mon Oct 16 12:56:22 2000 Delivered-To: freebsd-questions@freebsd.org Received: from bsd1.alaptech.com (cable-225-4-237-24.anchorageak.net [24.237.4.225]) by hub.freebsd.org (Postfix) with ESMTP id 9F5F437B66C for ; Mon, 16 Oct 2000 12:56:18 -0700 (PDT) Received: (from kirk@localhost) by bsd1.alaptech.com (8.11.0/8.9.3) id e9GJtLe00386 for freebsd-questions@freebsd.org; Mon, 16 Oct 2000 11:55:21 -0800 (AKDT) (envelope-from kirk) Date: Mon, 16 Oct 2000 11:55:21 -0800 From: Kirk Brogdon To: freebsd-questions@freebsd.org Subject: natd / tcpdump question Message-ID: <20001016115521.A349@bsd1.alaptech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i DisOrganization: ALAP Technology - Chugiak, AK USA Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I started getting flooded with the "natd[]: failed to write packet back, (host is down) messages. I found some archives where Crist Clark said to run tcpdump on the interface and look for arps that weren't getting an answer. I tried that first on the outside net I/F (fxp0 in my case) since that is how I have the natd interface configured in rc.conf (natd_interface="fxp0"). This gave me what appeared to be every arp request for the cable network. I then tried the tcpdump on my lan I/F (rl0) and got the following: 11:31:47.774308 arp who-has 132.17.0.60 (3:0:0:0:a1:26) tell 132.17.0.6 11:32:05.846045 arp who-has bsd1.alaptech.com tell alap2.alaptech.com 11:32:05.846078 arp reply bsd1.alaptech.com is-at 0:e0:29:70:43:5d 11:32:17.774797 arp who-has 132.17.0.60 (3:0:0:0:a1:26) tell 132.17.0.6 11:32:47.774879 arp who-has 132.17.0.60 (3:0:0:0:a1:26) tell 132.17.0.6 11:33:17.775523 arp who-has 132.17.0.60 (3:0:0:0:a1:26) tell 132.17.0.6 I have no idea who 132.17.0.60 is nor why I would see the requests on my lan I/F. I did a traceroute on that IP and got as far as 132.17.120.11 (about 18 hops). If I try and ping 132.17.0.60, it is refused (I assume it is behind a firewall). Can anyone tell me what is going on and how I can make it stop? I do have my firewall set to open in rc.conf should that have anything to do with it. Thanks - Kirk -- ALAP Technology PO Box 672298 Chugiak, AK - USA 99567 (907) 688 8843 www.alaptech.com Specializing in Open Source Solutions To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message