Date:      Mon, 4 Dec 2000 13:58:53 -0500
From:      Charles Anderson <caa@columbus.rr.com>
To:        Gordon Tetlow <gordont@bluemtn.net>
Cc:        Frederik Meerwaldt <frederik@freddym.org>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: natd bug
Message-ID:  <20001204135853.A24637@midgard.dhs.org>
In-Reply-To: <Pine.BSF.4.05.10012021305030.24235-200000@sdmail0.sd.bmarts.com>; from gordont@bluemtn.net on Sat, Dec 02, 2000 at 01:11:37PM -0800
References:  <Pine.BSF.4.21.0011302021590.20212-100000@server.wes.mee.com> <Pine.BSF.4.05.10012021305030.24235-200000@sdmail0.sd.bmarts.com>

I had the same thing until I removed rule 200 in rc.firewall (using open)
#${fwcmd} add 200 deny all from any to 127.0.0.0/8

Now it works, but I feel a bit less secure, but I don't have anything of
great importance on the box.

One thing I noticed in common is we're both running Etherlink III's
(although mine is ISA and yours is PCI). I have a friend that has a pair of fxp's,
and I tried his rc.firewall, that works fine for him, but doesn't for me.

-Charlie
dmesg is as follows.
Copyright (c) 1992-2000 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.0-CURRENT #0: Fri Sep  8 10:09:47 GMT 2000
    root@midgard.dhs.org:/usr/obj/usr/src/sys/MIDGARD
Timecounter "i8254"  frequency 1193182 Hz
Timecounter "TSC"  frequency 463911525 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (463.91-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x660  Stepping = 0
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory  = 134217728 (131072K bytes)
avail memory = 127090688 (124112K bytes)
Preloaded elf kernel "kernel.ko" at 0xc0364000.
Preloaded elf module "linux.ko" at 0xc03640a0.
Preloaded elf module "usb.ko" at 0xc0364140.
Preloaded elf module "ugen.ko" at 0xc03641dc.
Preloaded elf module "ums.ko" at 0xc0364278.
Preloaded elf module "randomdev.ko" at 0xc0364314.
Preloaded elf module "linprocfs.ko" at 0xc03643b8.
Pentium Pro MTRR support enabled
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <Matrox MGA G400 AGP graphics accelerator> at 0.0 irq 11
isab0: <Intel 82371AB PCI to ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xe000-0xe01f irq 15 at device 7.2 on pci0
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ugen0: BELKIN UPS, rev 1.10/0.06, addr 2
ums0: Logitech USB Mouse, rev 1.10/6.10, addr 3, iclass 3/1
ums0: 4 buttons and Z dir.
intpm0: <Intel 82371AB Power management controller> port 0x5000-0x500f irq 9 at device 7.3 on pci0
intpm0: I/O mapped 5000
intpm0: intr IRQ 9 enabled revision 0
smbus0: <System Management Bus> on intsmb0
smb0: <SMBus general purpose I/O> on smbus0
intpm0: PM I/O mapped 4000
fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0xe400-0xe41f mem 0xe4000000-0xe40fffff,0xe4102000-0xe4102fff irq 15 at device 11.0 on pci0
fxp0: Ethernet address 00:a0:c9:78:ae:3a
ncr0: <ncr 53c875 fast20 wide scsi> port 0xe800-0xe8ff mem 0xe4101000-0xe4101fff,0xe4100000-0xe41000ff irq 10 at device 13.0 on pci0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model MouseMan+, device ID 0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
joy0 at port 0x201 on isa0
ppc0: parallel port not found.
sc0: <System console> on isa0
sc0: VGA <16 virtual consoles, flags=0x200>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ep0: <3Com 3C509-BNC EtherLink III> at port 0x300-0x30f irq 10 on isa0
ep0: No irq?!
ep0: ep_alloc() failed! (6)
device_probe_and_attach: ep0 attach returned 6
sbc0: <Creative SB16/SB32> at port 0x220-0x22f,0x330-0x331,0x388-0x38b irq 5 drq 1,5 on isa0
sbc0: setting card to irq 5, drq 1, 5
pcm0: <SB DSP 4.13> on sbc0
unknown: <Game> can't assign resources
ep1: <3Com 3C509B-BNC EtherLink III (PnP)> at port 0x210-0x21f irq 7 on isa0
ep1: Ethernet address 00:a0:24:a0:81:8f
unknown: <PNP0303> can't assign resources
unknown: <PNP0a03> can't assign resources
unknown: <PNP0f13> can't assign resources
unknown: <PNP0501> can't assign resources
unknown: <PNP0700> can't assign resources
unknown: <PNP0501> can't assign resources
IP packet filtering initialized, divert enabled, rule-based forwarding disabled, default to deny, logging disabled
ad0: 39082MB <Maxtor 54098U8> [79406/16/63] at ata0-master using UDMA33
(probe7:ncr0:0:8:0): MSG_IGN_WIDE_RESIDUE received, but not yet implemented.
(probe9:ncr0:0:10:0): MSG_IGN_WIDE_RESIDUE received, but not yet implemented.
sa0 at ncr0 bus 0 target 4 lun 0
sa0: <ARCHIVE VIPER 2525 25462 -007> Removable Sequential Access SCSI-CCS device
sa0: 3.300MB/s transfers
Mounting root from ufs:/dev/ad0s2a
cd0 at ncr0 bus 0 target 5 lun 0
cd0: <PIONEER CD-ROM DR-U06S 1.05> Removable CD-ROM SCSI-2 device
cd0: 19.230MB/s transfers (19.230MHz, offset 16)
cd0: Attempt to query device size failed: NOT READY, Medium not present
da2 at ncr0 bus 0 target 15 lun 0
da2: <IBM DDRS-34560D DC1B> Fixed Direct Access SCSI-2 device
da2: 40.000MB/s transfers (20.000MHz, offset 15, 16bit), Tagged Queueing Enabled
da2: 4357MB (8925000 512 byte sectors: 255H 63S/T 555C)
da0 at ncr0 bus 0 target 8 lun 0
da0: <IBM OEM DFHSS2W 4B4B> Fixed Direct Access SCSI-2 device
da0: 20.000MB/s transfers (10.000MHz, offset 15, 16bit)
da0: 2150MB (4404489 512 byte sectors: 255H 63S/T 274C)
da1 at ncr0 bus 0 target 10 lun 0
da1: <IBM OEM DFHSS2W 4B4B> Fixed Direct Access SCSI-2 device
da1: 20.000MB/s transfers (10.000MHz, offset 15, 16bit)
da1: 2150MB (4404489 512 byte sectors: 255H 63S/T 274C)
/dev/vmmon: Module vmmon: registered with major=200 minor=0 tag=$Name: build-570 $
/dev/vmmon: Module vmmon: initialized
cd1 at ncr0 bus 0 target 6 lun 0
cd1: <MATSHITA CD-R   CW-7503 1.08> Removable CD-ROM SCSI-2 device
cd1: 10.000MB/s transfers (10.000MHz, offset 8)
cd1: Attempt to query device size failed: NOT READY, Medium not present - tray closed
uhub0: port error, restarting port 2
ums0: at uhub0 port 2 (addr 3) disconnected
ums0: detached
ums0: Logitech USB Mouse, rev 1.10/6.10, addr 3, iclass 3/1
ums0: 4 buttons and Z dir.

On Sat, Dec 02, 2000 at 01:11:37PM -0800, Gordon Tetlow wrote:
> I'll add another data point if I can. I also get this message from my
> working firewall box. I get it even when all the machines behind the
> firewall are powered down. And I get it a lot. Attached are my firewall
> rules and dmesg.
> 
> -gordon
> 
> Also, here are the arguments I pass to natd:
> 
> /sbin/natd -dynamic -unregistered_only -use_sockets -punch_fw 3850:10 -n vx0
> 
> On Thu, 30 Nov 2000, Frederik Meerwaldt wrote:
> 
> > Date: Thu, 30 Nov 2000 20:25:15 +0100 (CET)
> > From: Frederik Meerwaldt <frederik@freddym.org>
> > To: freebsd-hackers@freebsd.org
> > Subject: natd bug
> > 
> > Hi there!
> > 
> > I was just looking why my natd doesn't work, when I discovered the
> > following bug (?):
> > 
> > I compiled my kernel with IPDIVERT IPFIREWALL and
> > IPFIREWALL_DEFAULT_TO_ACCEPT and I set up only one rule:
> > ipfw add divert natd all from any to any via isp0
> > Then I started natd (at boot time):
> > natd -unregistered_only -dynamic -n isp0
> > But when a package arrives (doesn't matter from localhost or another
> > host), natd gives out a kernel message:
> > 
> > Nov 30 15:03:06 server natd[195]: failed to write packet back (Permission
> > denied)
> > 
> > What does that mean? I started natd from my rc.local, so it runs as root
> > and it should have all permissions.
> > 
> > Thanks in advance!
> > Best Regards,
> > 	Freddy
(Much deleted)
-- 
Charles Anderson	caa@columbus.rr.com

No quote, no nothin'

