Date:      Thu, 17 Feb 2000 20:29:53 -0500
From:      Chris Hill <chris@monochrome.org>
To:        FreeBSD Questions list <freebsd-questions@FreeBSD.ORG>
Subject:   Recent natd troubles
Message-ID:  <v03007801b4ce28571b33@[192.168.1.3]>

I've been running NATD with no trouble ever since 2.2.6. Since October my
gateway machine has been running 3.3R. It has two interfaces - one
connected to my DSL bridge, the other connected to a little hub which
serves my 192.168.x.x LAN. Lately I'm getting a lot of console messages
like:

Feb 17 18:50:09 mail natd[28947]: failed to write packet back (No route to host)
Feb 17 18:52:25 mail last message repeated 89 times
Feb 17 20:02:04 mail natd[28947]: failed to write packet back (No route to host)
Feb 17 20:03:46 mail last message repeated 39 times

This usually happens in conjunction with a DNS lookup timing out, either
from an "inside" machine or from the gateway. I also found out this morning
that I was not able to connect to my system from out in the world, but that
may be an unrelated DSL problem.

Any insight would be appreciated! Details below.

Here are the relevant bits from rc.conf:

gateway_enable="YES"
firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="open"            # Firewall type (see /etc/rc.firewall)
natd_enable="YES"               # Enable natd (if firewall_enable == YES).
natd_interface="ed1"            # Public interface or IPaddress to use.
log_in_vain="YES"               # Disallow bad connection logging (or YES)
inetd_flags="-l -R 1024"        # Optional flags to inted.

...the output of 'ipfw show' is

00100 43819 21722406 divert 8668 ip from any to any via ed1
00100  1048    44788 allow ip from any to any via lo0
00200   423    99855 deny ip from any to 127.0.0.0/8
65000 82301 42827551 allow ip from any to any
65535  1027    96132 deny ip from any to any

It may be relevant that I'm running a name server on this machine. My
named.conf is as follows (comments removed to save space, my own comments
added for clarity)

options {
        directory "/etc/namedb";

        forwarders {
                aaa.bbb.112.70;          <- ISP's primary NS
                ccc.ddd.217.16;          <- ISP's secondary NS
                eee.fff.12.4;            <- old ISP's primary
                eee.fff.12.6;            <- old ISP's secondary
        };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

zone "monochrome.org" {
        type master;
        file "db.monochrome";
};

zone "192.monochrome.org" {              <-for inside net
        type master;
        file "db.192.monochrome";
        allow-query {
                     127.0.0.1/32; 192.168.1.0/24;
                     };
        allow-transfer {
                     127.0.0.1/32; 192.168.1.0/24;
                     };
};

zone "1.168.192.in-addr.arpa" {          <- reverse DNS for inside net
        type master;
        file "db.192.monochrome.rev";
        allow-query {
                     127.0.0.1/32; 192.168.1.0/24;
                     };
        allow-transfer {
                     127.0.0.1/32; 192.168.1.0/24;
                     };
};



--
Chris Hill                   chris@monochrome.org
[place witty saying here]
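The post quotes syslog output in which syslogd compresses repeats into "last message repeated N times" lines, which makes it easy to underestimate how often natd is actually failing. The following is an added example (not part of the original post or of natd) that expands those repeat lines back onto the preceding natd message and reports each failure burst with its first and last timestamp, so the bursts can be lined up against the DNS timeouts the poster mentions. The sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample in the same format as the console messages quoted in the post,
# plus one unrelated line to show that it breaks the repeat chain.
SAMPLE_LOG = """\
Feb 17 18:50:09 mail natd[28947]: failed to write packet back (No route to host)
Feb 17 18:52:25 mail last message repeated 89 times
Feb 17 20:02:04 mail natd[28947]: failed to write packet back (No route to host)
Feb 17 20:03:46 mail last message repeated 39 times
Feb 17 20:05:00 mail named[101]: hypothetical unrelated message
"""

# Classic BSD syslog layout: "Mon DD HH:MM:SS host rest-of-line"
LINE_RE = re.compile(r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$')
PROC_RE = re.compile(r'^(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$')
REPEAT_RE = re.compile(r'^last message repeated (?P<n>\d+) times$')
FAILURE_TEXT = 'failed to write packet back'


def natd_failure_bursts(text):
    """Return a list of bursts, one per natd 'failed to write packet back' line.

    Each burst is {'first': ts, 'last': ts, 'count': n, 'reason': msg}.
    A 'last message repeated N times' line is attributed to the natd line
    immediately before it; any other message ends the current burst.
    """
    bursts = []
    current = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, rest = m.group('ts'), m.group('rest')
        rep = REPEAT_RE.match(rest)
        if rep:
            if current is not None:
                current['count'] += int(rep.group('n'))
                current['last'] = ts
            continue
        p = PROC_RE.match(rest)
        if p and p.group('proc') == 'natd' and FAILURE_TEXT in p.group('msg'):
            current = {'first': ts, 'last': ts, 'count': 1, 'reason': p.group('msg')}
            bursts.append(current)
        else:
            current = None
    return bursts


if __name__ == '__main__':
    for b in natd_failure_bursts(SAMPLE_LOG):
        print(f"{b['first']} .. {b['last']}: {b['count']} x {b['reason']}")
```

Run against /var/log/messages instead of the sample to see the real burst windows; a burst that starts at the same time as a DNS query to a forwarder and ends when the query gives up supports the poster's suspicion that the two are linked.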

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v03007801b4ce28571b33>