Date: Sat, 2 Feb 2002 10:25:37 -0500
From: "Marko"
Message-ID: <51142759637.20020202102537@mindspring.com>
To: freebsd-hackers@FreeBSD.ORG
Subject: natd UDP errors with PPP demand dial

Hello,

My question is concerning the popular "netd[pid] failed to write packet back [Permission denied]" message. The machine is FreeBSD 4.3R. It connects to the Internet through a PPP demand dial link. Natd is in dynamic mode. The rules seem to be ok, and packet filtering is working great. The natd errors always log right at the end of the PPP link setup, and intermittently thereafter.
On link setup, their cause from the security log is this:

Jan 25 19:37:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.102.30:53 207.69.99.196:1909 out via tun0
Jan 25 19:37:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.102.30:41755 207.69.99.196:1909 out via tun0
Jan 25 19:37:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.102.30:53 207.69.99.196:1909 out via tun0
Jan 25 19:37:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.102.30:41755 207.69.99.196:1909 out via tun0
Jan 25 19:37:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.102.30:53 207.69.99.196:1909 out via tun0
Jan 25 21:11:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.101.242:53 207.69.102.30:2138 out via tun0
Jan 25 21:11:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.101.242:53 207.69.102.30:2144 out via tun0
Jan 25 21:11:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.101.242:53 207.69.102.30:2144 out via tun0

There are 2 PPP sessions depicted. During the first, the machine had the 207.69.102.30 IP, during the second - 207.69.101.242. As you can see, it tries to send something via UDP to an IP it held during the previous ppp session. Of course, those attempts run into the ipfw rules causing the natd error, and get rejected as they should be.

Some packets originate from very high ports, but there are always some from port 53 on my machine. Named is not running on it. Tcpdump doesn't show much useful stuff. I think it's because the packets never make it to the interface. The packets don't come from my private network either because I have the internal interface shut off to most UDP traffic. DNS queries are directed at particular servers and work fine. The problem packets originate on the firewall machine.

My questions are:

How do I find out what the machine is trying to send in those rejected UDP packets?

Does this seem to be a bug, or do I have something configured wrong? (I have ruled out opening UDP outbound rules and bombarding machines on my previous IP's with nonsense.)

Thank you for any input YOU might have.

Marko
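
Added example, not part of the original message: a small log correlator that picks out the pattern described above, outbound ipfw denies on tun0 whose destination is an address this host itself used as a source earlier in the log. It assumes the source of an "out via tun0" packet is the host's address at that moment; the function names are illustrative, and the sample lines are taken from the log quoted in the message.

```python
import re
from collections import Counter

# Four of the deny lines quoted in the message (two per PPP session).
SAMPLE_LOG = """\
Jan 25 19:37:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.102.30:53 207.69.99.196:1909 out via tun0
Jan 25 19:37:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.102.30:41755 207.69.99.196:1909 out via tun0
Jan 25 21:11:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.101.242:53 207.69.102.30:2138 out via tun0
Jan 25 21:11:45 PROTODOG /kernel: ipfw: 65000 Deny UDP 207.69.101.242:53 207.69.102.30:2144 out via tun0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+/kernel:\s+ipfw:\s+(?P<rule>\d+)\s+"
    r"(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<dir>in|out)\s+via\s+(?P<iface>\S+)$",
    re.MULTILINE,
)

def parse(log):
    """Yield one dict per ipfw log line in the format shown in the message."""
    for m in LINE_RE.finditer(log):
        yield m.groupdict()

def find_stale(log, iface="tun0"):
    """Return outbound denies whose destination is a previously held local address."""
    held = []       # addresses seen as source of outbound packets, oldest first
    findings = []
    for e in parse(log):
        if e["action"] != "Deny" or e["dir"] != "out" or e["iface"] != iface:
            continue
        if e["src"] not in held:
            held.append(e["src"])   # assumption: src is the address held right now
        if e["dst"] in held and e["dst"] != e["src"]:
            findings.append(e)
    return findings

def summarize(findings):
    """Count findings per (current address, source port, stale destination)."""
    return dict(Counter((f["src"], f["sport"], f["dst"]) for f in findings))

if __name__ == "__main__":
    for key, n in summarize(find_stale(SAMPLE_LOG)).items():
        print("current=%s sport=%s stale_dst=%s count=%d" % (key + (n,)))
```

The first session's lines are not flagged because their destination, 207.69.99.196, never appears as a source in this excerpt; feeding in a longer stretch of the security log would show whether it too was an earlier address.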