Date:      Sat, 28 Feb 2004 14:45:39 -1000 (HST)
From:      Vincent Poy <vince@oahu.WURLDLINK.NET>
To:        Craig Rodrigues <rodrigc@crodrigues.org>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: HEADSUP: Sleep queues added to kernel, so be careful.
Message-ID:  <20040228144145.Q8264-100000@oahu.WURLDLINK.NET>
In-Reply-To: <20040229002147.GA1351@crodrigues.org>

On Sat, 28 Feb 2004, Craig Rodrigues wrote:

> Hi,
>
> I just cvsup'd my box, and am having the same problem
> as Vincent.
>
> I have these lines in my /etc/rc.conf:
>
> firewall_type="open"
> natd_enable="YES"
> natd_interface="xl0"
> natd_flags="-redirect_port tcp 192.168.0.2:80-9000 80-9000 -redirect_port tcp 192.168.0.3:80-9000 80-9000"
>
>
> If I capture the boot output with:
> vidcontrol -H -P > bootup.txt
>
> I see these lines:
>
> Flushed all rules.
> 00050 divert 8668 ip from any to any via xl0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> Firewall rules loaded, starting divert daemons: natd: Unable to bind divert socket.: Can't assign requested address
> .
> net.inet.ip.fw.enable: 1 -> 1
>
>
>
> I added some additional statements to /etc/rc.d/ipfw so
> that it prints out the natd command:
>
> Firewall rules loaded, starting divert daemons: natd: /sbin/natd -redirect_port tcp 192.168.0.2:80-9000 80-9000 -redirect_port tcp 192.168.0.3:80-9000 80-9000 -dynamic -n xl0
> natd: Unable to bind divert socket.: Can't assign requested address
> .
> net.inet.ip.fw.enable: 1 -> 1
>
>
>
> After bootup, if I execute /sbin/natd from the command-line,
> I do not get this error message.

	Thanks Craig, I just looked on the console and captured the
output:

Flushed all rules.
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
Firewall rules loaded, starting divert daemons: natd
natd: Unable to bind divert socket.: Can't assign requested address.
Firewall logging enabled
net.inet.ip.fw.enable: 1 -> 1

	I can't tell when this broke; as I mentioned, the last -CURRENT
buildworld I was running on was September 23, 2003, before going with this
one at 4AM -800.


Cheers,
Vince - vince@WURLDLINK.NET - Vice President             ________   __ ____
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
WurldLink Corporation                                  / / / /  | /  | __] ]
San Francisco - Honolulu - Hong Kong                  / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Almighty1@IRC - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin


