From owner-freebsd-questions  Mon Aug  6 17:38:56 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from grumpy.dyndns.org (user-24-214-76-217.knology.net [24.214.76.217])
	by hub.freebsd.org (Postfix) with ESMTP id B7DF237B403
	for <freebsd-questions@FreeBSD.ORG>; Mon,  6 Aug 2001 17:38:53 -0700 (PDT)
	(envelope-from dkelly@grumpy.dyndns.org)
Received: from localhost (localhost [127.0.0.1])
	by grumpy.dyndns.org (8.11.3/8.11.3) with ESMTP id f770cUx96672;
	Mon, 6 Aug 2001 19:38:30 -0500 (CDT)
	(envelope-from dkelly@grumpy.dyndns.org)
Message-Id: <200108070038.f770cUx96672@grumpy.dyndns.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: "Scott Reese" <sreese@codysbooks.com>
Cc: "Nick Rogness" <nick@rogness.net>, freebsd-questions@FreeBSD.ORG
Subject: Re: natd[135]:failed to write packet back 
In-Reply-To: Message from "Scott Reese" <sreese@codysbooks.com> 
   of "Mon, 06 Aug 2001 11:49:33 PDT." <033e01c11ea8$88787820$1800a8c0@borges> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 06 Aug 2001 19:38:30 -0500
From: David Kelly <dkelly@grumpy.dyndns.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

"Scott Reese" writes:
> 
> I don't think it's a Windows thing because the other machines on the network
> are off-line when the errors pop up (one is a Win2K box and the other is Mac
> laptop).  They always show up at the same time every night:  one at 3:07 AM
> and another at 3:09 AM.  This happens whether or not the other computers are
> actually on.  So, I'm not sure what the source/destination is and I guess
> that's really what I'm trying to find out.  Any ideas?

If you have ipfw logging enabled try to correlate the /var/log/message 
error with one in /var/log/security. The problem is a packet was given 
to natd via divert but the re-written packet is denied by a firewall 
rule.

Manually debug by manually adding from the keyboard "ipfw add NNNN log
deny ..." cloned rules in front of your non-logging deny rules. 
Liberally probe the status with "ipfw -a list" and reset the counts 
with "ipfw zero".

IMHO natd should be more verbose about the problem packet.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message