Date: Mon, 4 Dec 2000 13:58:53 -0500
From: Charles Anderson
To: Gordon Tetlow
Cc: Frederik Meerwaldt, freebsd-hackers@FreeBSD.ORG
Subject: Re: natd bug
Message-ID: <20001204135853.A24637@midgard.dhs.org>

I had the same thing until I removed rule 200 in rc.firewall (using open)

#${fwcmd} add 200 deny all from any to 127.0.0.0/8

Now it works, but I feel a bit less secure, but I don't have anything of
great importance on the box.

One thing I noticed in common, is we're both running Etherlink III's.
(although mine is isa and yours is PCI) I have a friend that has a pair of
fxp's, and I tried his rc.firewall, that works fine for him, but doesn't
for me.

-Charlie

dmesg is as follows.

Copyright (c) 1992-2000 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
  The Regents of the University of California. All rights reserved.
FreeBSD 5.0-CURRENT #0: Fri Sep 8 10:09:47 GMT 2000
  root@midgard.dhs.org:/usr/obj/usr/src/sys/MIDGARD
Timecounter "i8254" frequency 1193182 Hz
Timecounter "TSC" frequency 463911525 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (463.91-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x660 Stepping = 0
  Features=0x183f9ff
real memory = 134217728 (131072K bytes)
avail memory = 127090688 (124112K bytes)
Preloaded elf kernel "kernel.ko" at 0xc0364000.
Preloaded elf module "linux.ko" at 0xc03640a0.
Preloaded elf module "usb.ko" at 0xc0364140.
Preloaded elf module "ugen.ko" at 0xc03641dc.
Preloaded elf module "ums.ko" at 0xc0364278.
Preloaded elf module "randomdev.ko" at 0xc0364314.
Preloaded elf module "linprocfs.ko" at 0xc03643b8.
Pentium Pro MTRR support enabled
npx0: on motherboard
npx0: INT 16 interface
pcib0: on motherboard
pci0: on pcib0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci1: at 0.0 irq 11
isab0: at device 7.0 on pci0
isa0: on isab0
atapci0: port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
uhci0: port 0xe000-0xe01f irq 15 at device 7.2 on pci0
usb0: on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ugen0: BELKIN UPS, rev 1.10/0.06, addr 2
ums0: Logitech USB Mouse, rev 1.10/6.10, addr 3, iclass 3/1
ums0: 4 buttons and Z dir.
intpm0: port 0x5000-0x500f irq 9 at device 7.3 on pci0
intpm0: I/O mapped 5000
intpm0: intr IRQ 9 enabled revision 0
smbus0: on intsmb0
smb0: on smbus0
intpm0: PM I/O mapped 4000
fxp0: port 0xe400-0xe41f mem 0xe4000000-0xe40fffff,0xe4102000-0xe4102fff irq 15 at device 11.0 on pci0
fxp0: Ethernet address 00:a0:c9:78:ae:3a
ncr0: port 0xe800-0xe8ff mem 0xe4101000-0xe4101fff,0xe4100000-0xe41000ff irq 10 at device 13.0 on pci0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: irq 1 on atkbdc0
psm0: irq 12 on atkbdc0
psm0: model MouseMan+, device ID 0
fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
joy0 at port 0x201 on isa0
ppc0: parallel port not found.
sc0: on isa0
sc0: VGA <16 virtual consoles, flags=0x200>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ep0: <3Com 3C509-BNC EtherLink III> at port 0x300-0x30f irq 10 on isa0
ep0: No irq?!
ep0: ep_alloc() failed! (6)
device_probe_and_attach: ep0 attach returned 6
sbc0: at port 0x220-0x22f,0x330-0x331,0x388-0x38b irq 5 drq 1,5 on isa0
sbc0: setting card to irq 5, drq 1, 5
pcm0: on sbc0
unknown: can't assign resources
ep1: <3Com 3C509B-BNC EtherLink III (PnP)> at port 0x210-0x21f irq 7 on isa0
ep1: Ethernet address 00:a0:24:a0:81:8f
unknown: can't assign resources
unknown: can't assign resources
unknown: can't assign resources
unknown: can't assign resources
unknown: can't assign resources
unknown: can't assign resources
IP packet filtering initialized, divert enabled, rule-based forwarding disabled, default to deny, logging disabled
ad0: 39082MB [79406/16/63] at ata0-master using UDMA33
(probe7:ncr0:0:8:0): MSG_IGN_WIDE_RESIDUE received, but not yet implemented.
(probe9:ncr0:0:10:0): MSG_IGN_WIDE_RESIDUE received, but not yet implemented.
sa0 at ncr0 bus 0 target 4 lun 0
sa0: Removable Sequential Access SCSI-CCS device
sa0: 3.300MB/s transfers
Mounting root from ufs:/dev/ad0s2a
cd0 at ncr0 bus 0 target 5 lun 0
cd0: Removable CD-ROM SCSI-2 device
cd0: 19.230MB/s transfers (19.230MHz, offset 16)
cd0: Attempt to query device size failed: NOT READY, Medium not present
da2 at ncr0 bus 0 target 15 lun 0
da2: Fixed Direct Access SCSI-2 device
da2: 40.000MB/s transfers (20.000MHz, offset 15, 16bit), Tagged Queueing Enabled
da2: 4357MB (8925000 512 byte sectors: 255H 63S/T 555C)
da0 at ncr0 bus 0 target 8 lun 0
da0: Fixed Direct Access SCSI-2 device
da0: 20.000MB/s transfers (10.000MHz, offset 15, 16bit)
da0: 2150MB (4404489 512 byte sectors: 255H 63S/T 274C)
da1 at ncr0 bus 0 target 10 lun 0
da1: Fixed Direct Access SCSI-2 device
da1: 20.000MB/s transfers (10.000MHz, offset 15, 16bit)
da1: 2150MB (4404489 512 byte sectors: 255H 63S/T 274C)
/dev/vmmon: Module vmmon: registered with major=200 minor=0 tag=$Name: build-570 $
/dev/vmmon: Module vmmon: initialized
cd1 at ncr0 bus 0 target 6 lun 0
cd1: Removable CD-ROM SCSI-2 device
cd1: 10.000MB/s transfers (10.000MHz, offset 8)
cd1: Attempt to query device size failed: NOT READY, Medium not present - tray closed
uhub0: port error, restarting port 2
ums0: at uhub0 port 2 (addr 3) disconnected
ums0: detached
ums0: Logitech USB Mouse, rev 1.10/6.10, addr 3, iclass 3/1
ums0: 4 buttons and Z dir.

On Sat, Dec 02, 2000 at 01:11:37PM -0800, Gordon Tetlow wrote:
> I'll add another data point if I can. I also get this message from my
> working firewall box. I get it even when all the machines behind the
> firewall are powered down. And I get it a lot. Attached are my firewall
> rules and dmesg.
>
> -gordon
>
> Also, here are the arguments I pass to natd:
>
> /sbin/natd -dynamic -unregistered_only -use_sockets -punch_fw 3850:10 -n vx0
>
> On Thu, 30 Nov 2000, Frederik Meerwaldt wrote:
>
> > Date: Thu, 30 Nov 2000 20:25:15 +0100 (CET)
> > From: Frederik Meerwaldt
> > To: freebsd-hackers@freebsd.org
> > Subject: natd bug
> >
> > Hi there!
> >
> > I was just looking why my natd doesn't work, when I discovered the
> > following bug (?):
> >
> > I compiled my kernel with IPDIVERT IPFIREWALL and
> > IPFIREWALL_DEFAULT_TO_ACCEPT and I set up only one rule:
> > ipfw add divert natd all from any to any via isp0
> > Then I started natd (at boot time):
> > natd -unregistered_only -dynamic -n isp0
> > But when a package arrives (doesn't matter from localhost or another
> > host), natd gives out a kernel message:
> >
> > Nov 30 15:03:06 server natd[195]: failed to write packet back (Permission denied)
> >
> > What does that mean? I started natd from my rc.local, so it runs as root
> > and it should have all permissions.
> >
> > Thanks in advance!
> > Best Regards,
> > Freddy

(Much deleted)

--
Charles Anderson caa@columbus.rr.com

No quote, no nothin'