Date: Tue, 3 Oct 2000 15:29:17 +0300
From: Ruslan Ermilov <ru@sunbay.com>
To: Eli Stair <estair@computer-exchange.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD,IPFW error: "Failed to write packet back:Permission denied"
Message-ID: <20001003152917.A41304@sunbay.com>
In-Reply-To: <200010030813.AA28639426@computer-exchange.com>; from estair@computer-exchange.com on Tue, Oct 03, 2000 at 08:13:58AM -0400
References: <200010030813.AA28639426@computer-exchange.com>

On Tue, Oct 03, 2000 at 08:13:58AM -0400, Eli Stair wrote:
> ========================================================================
>
> Hello all!  Here's my situation:
>
> I've got a machine running FBSD 4.1 with 2 NIC's, identical 3c905's,
> compiled kernel with IPFIREWALL, IPDIVERT, firewall set to open by default.
> xl0, private interface uses 192.168.0.1, is working ok.  xl1, public interface
> configured via DHCP, connected to cable modem, works too.  System boots with
> no errors.  However, I cannot ping the outside world from any of my internal
> machines, "host not found".
>
Do you have `gateway_enable' variable set to YES in /etc/rc.conf?
Are you sure your local machines use your host as the default gateway?

> In addition, I cannot ping localhost.  When I issue "ping localhost",
> I receive "%time%SHRIKE natd[%pid%]:failed to write packet back
> (Permission Denied)"
>
This is most typically the firewall misconfiguration.
Send me the output of the following commands from the live machine:

	# ipfw list
	# ifconfig -a inet
	# netstat -rn -finet

> Dumb question is does this have to be configured for IPFW/NATD to work.
> If so is there any way I can pass parameters to this from DHCLIENT at boot
> time, as the "oip" is going to change frequently since have (*yuck*) 3-way
> cable with telephone.
>
> >>>Snip from rc.firewall
> # set these to your outside interface network and netmask and ip
> oif="xl1"
> onet="24.216.250.0"
> omask="255.255.255.128"
> oip=""
>
> #I have set these to what is given as output from DHCLIENT on boot.
>
For OPEN firewall type this is not required.

> Basically I just want make sure the internal network has internet access,
> if I can disable any IPFW rules etc. so that works I will, I'll tighten up
> security later.
>
> My pre-emptive thanks to anyone who can shed light on this, or point my
> nose in the right direction.  Right now I just don't know what the next
> step would be.  I'm semi-familiar with UNIX, use linux on another box,
> etc.
> If more info is needed, full rc.firewall etc, I can get it for you.
> Thanks! ;-}
>
> /eli
>
>
>
> >>>> Here is a clip from rc.conf, just to give you info on what
> everything is set to.
>
> > network_interfaces="xl0 xl1"
> > ifconfig_xl0="inet 192.168.0.1 netmask 255.255.255.0"
> > ifconfig_xl1="DHCP"
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="OPEN"
> > firewall_quiet="NO"
> > firewall_flags=""
> > natd_program="/sbin/natd"
> > natd_enable="YES"
> > natd_interface="xl1"
> > natd_flags="-dynamic"
>
Other than unknown value of gateway_enable I would say your setup
looks OK.

<PS>Please wrap lines when sending mail.</PS>

-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message