Date: Wed, 3 Oct 2001 06:27:07 -0700
From: Chip <chip@wiegand.org>
To: cjclark@alum.mit.edu, "Crist J. Clark" <cristjc@earthlink.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd permission denied at bootup
Message-ID: <0110030627070H.96094@chip.wiegand.org>
In-Reply-To: <20011003012926.L310@blossom.cjclark.org>
References: <0110022222480G.96094@chip.wiegand.org> <20011003012926.L310@blossom.cjclark.org>

On Wednesday 03 October 2001 01:29, Crist J. Clark wrote:
> On Tue, Oct 02, 2001 at 10:22:48PM -0700, Chip wrote:
>
> [snip]
>
> > natd: failed to write packet back (permission denied)
> > routed: send bcast sendto(xl0): permission denied
> > starting final network daemons: firewall, routed: sendto(dc0): permission
> > denied.
>
> This sure looks like your firewall not passing packets. And we can fix
> the routed(8) problem easily. You don't need it, turn it off.

I disabled that line, but am still getting the message:
natd: failed to write packet: no route to host

> > Any ideas what's going on here? I have verified all the files with the
> > existing firewall box and it's been working fine for a couple years.
>
> Have you done a,
>
> # ipfw show

Yes, the rules are loaded, in fact they show on the boot messages.

> Once the box is up and running to make sure the firewall rules,
>
> > I have also replaced rc.firewall with a different one that has only -
> > /sbin/ipfw -f flush
> > /sbin/ipfw add divert natd all from any to any via dc0
> > /sbin/ipfw add pass all from any to any
> > And I get the same error messages.
>
> Are really there?

Yep:
divert 8668 ip from any to any via dc0
allow ip from any to any via lo0
deny ip from any to any 127.0.0.0/0
deny ip from 127.0.0.0/0 to any
allow ip from any to any
deny ip from any to any

> > It appears to be a route problem, but netstat does show a default route
> > (see below).
> >
> > I am at a total loss for a solution here.
>
> [snip]
>
> > # -- sysinstall generated deltas -- # Tue Sep 25 22:38:43 2001
> > # Created: Tue Sep 25 22:38:43 2001
> > # Enable network daemons for user convenience.
> > # Please make all changes to this file, not to /etc/defaults/rc.conf.
> > # This file now contains just the overrides from /etc/defaults/rc.conf.
> > network_interfaces="xl0 dc0 lo0"
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="open"
> > gateway_enable="YES"
> > natd_interface="dc0"
> > natd_enable="YES"
> > natd_flags="-f /etc/natd.conf"
> > router_enable="YES"
>
> Drop this.

I did.

> > defaultrouter="66.114.152.1"
> > hostname="firewall.wiegand.org"
> > ifconfig_xl0="inet 192.168.1.10 netmask 255.255.255.0"
> > ifconfig_dc0="inet 66.114.152.128 netmask 255.255.248.0"
> > moused_enable="YES"
> > moused_port="/dev/cuaa1"
> > moused_type="mouseman"
> > sendmail_enable="NO"
> > sshd_enable="YES"
>
> Again, doublecheck the firewall rules are actually being loaded. If
> they are, something really strange is going on.

Agreed

I am also getting the following message:
firewall /kernel: arp: 66.114.152.128 is on lo0 but got reply from xl0
yet ifconfig -a confirms that dc0 is 66.114.152.128 and xl0 is 192.168.1.10

--
Chip W.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message