Date: Mon, 18 Oct 1999 23:06:30 -0700
From: Bohdan Tashchuk <tashchuk@easystreet.com>
To: douglas@artswire.org
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD - Console Message Question
Message-ID: <380C0A66.26AAED02@easystreet.com>
References: <000701bf19cb$b4b9e380$0105a8c0@sterndog.net>

Douglas Cohen wrote:
>
> I'm running ipfw with natd, connecting my RFC 1918 LAN to the Internet.
>
> The ipfw rules only allow internal LAN users access to external Internet
> services (email, http, telnet, dns, passive mode ftp).
>
> Everything seems to be working fine, except that the following natd message
> keeps appearing on the console:
>
> natd[173]: failed to write packet back (Permission denied)
>
> I understand about failing to write the packet back, but what does [173]
> signify in terms of natd? (looking in the services file,
> xyplex-mux is assigned to port 173, which somehow doesn't seem
> relevant).
>
> The natd configuration is:
>
> -use_sockets -same_ports -unregistered_only -dynamic
>
> Thanks for your help.
>
> Doug

I had these same messages from natd. They were always accompanied
by log messages from ipfw. That's because I log everything I deny.
In my case the source of the packets was from the rwho daemon.
For some reason the natd message was coming out when my ipfw
rules dropped the packet.

I got tired of seeing the messages and I fixed this by changing my
natd lines in /etc/rc.firewall to the following two, i.e. I prefixed
the divert command:

$fwcmd add deny udp from any who to any who via ${natd_interface}
$fwcmd add divert natd all from any to any via ${natd_interface}

This ordering keeps the rwho packet from ever getting to natd.
In any case it got rid of my "noisy" natd output.
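
The fix in the reply above depends on the deny rule being evaluated before the divert rule. The following is an added example, not part of the original message: a check that reads `ipfw list` output and reports interface-bound deny rules that are numbered after the first divert rule on that interface. The function name late_denies, the interface ed0, the rule numbers and both sample listings are assumptions constructed for illustration; 8668 is natd's default divert port and 513 is the "who" port.

```shell
#!/bin/sh
# Constructed sample listing: divert first, rwho deny afterwards
# (the ordering that produced the noisy natd output in the post).
sample_before() {
cat <<'EOF'
00100 divert 8668 ip from any to any via ed0
00200 allow ip from any to any via lo0
00300 deny log udp from any 513 to any 513 via ed0
65535 deny ip from any to any
EOF
}

# Constructed sample listing: deny placed ahead of the divert rule,
# as in the two rc.firewall lines from the reply.
sample_after() {
cat <<'EOF'
00100 deny log udp from any 513 to any 513 via ed0
00200 divert 8668 ip from any to any via ed0
00300 allow ip from any to any via lo0
65535 deny ip from any to any
EOF
}

# late_denies IFACE: read an ipfw listing on stdin and print the numbers of
# deny/reject rules bound to IFACE that come after the first divert rule
# bound to IFACE. Rules without "via IFACE" (such as the catch-all 65535)
# are out of scope for this check and are not reported.
late_denies() {
    awk -v ifc="$1" '
        {
            bound = 0
            for (i = 2; i < NF; i++)
                if ($i == "via" && $(i + 1) == ifc) bound = 1
            if (!bound) next
        }
        $2 == "divert" { seen_divert = 1; next }
        seen_divert && ($2 == "deny" || $2 == "reject") { print $1 }
    '
}

echo "before: $(sample_before | late_denies ed0)"
echo "after:  $(sample_after | late_denies ed0)"
# On a live system (assumed usage): ipfw list | late_denies ed0
```

An empty result means every deny rule tied to the natd interface is checked before packets are handed to natd.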
