Date: Mon, 18 Oct 1999 23:06:30 -0700
From: Bohdan Tashchuk <tashchuk@easystreet.com>
To: douglas@artswire.org
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD - Console Message Question
Message-ID: <380C0A66.26AAED02@easystreet.com>
References: <000701bf19cb$b4b9e380$0105a8c0@sterndog.net>

Douglas Cohen wrote:
>
> I'm running ipfw with natd, connecting my RFC 1918 LAN to the Internet.
>
> The ipfw rules only allow internal LAN users access to external Internet
> services (email, http, telnet, dns, passive mode ftp).
>
> Everything seems to be working fine, except that the following natd message
> keeps appearing on the console:
>
> natd[173]: failed to write packet back (Permission denied)
>
> I understand about failing to write the packet back, but what does [173]
> signify in terms of natd? (looking in the services file,
> xyplex-mux is assigned to port 173, which somehow doesn't seem
> relevant).
>
> The natd configuration is:
>
> -use_sockets -same_ports -unregistered_only -dynamic
>
> Thanks for your help.
>
> Doug

I had these same messages from natd. They were always accompanied by
log messages from ipfw. That's because I log everything I deny. In
my case the source of the packets was from the rwho daemon.

For some reason the natd message was coming out when my ipfw rules
dropped the packet. I got tired of seeing the messages and I fixed
this by changing my natd lines in /etc/rc.firewall to the following
two, i.e. I prefixed the divert command:

    $fwcmd add deny udp from any who to any who via ${natd_interface}
    $fwcmd add divert natd all from any to any via ${natd_interface}

This ordering keeps the rwho packet from ever getting to natd. In any
case it got rid of my "noisy" natd output.
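
As an added illustration (not part of the original message or of FreeBSD's rc.firewall): the fix in the reply works by placing the deny ahead of the divert rule. The sh function below reads `ipfw list`-style output and reports the deny/reject rules numbered after the first divert rule, which are the ones that can drop a packet after natd has handled it. The listings, rule numbers, interface name ed0 and function names are constructed assumptions.

```sh
#!/bin/sh
# Added example. Real use would be:  ipfw list | deny_after_divert
# Prints, on one line, the numbers of deny/reject rules that follow the
# first divert rule in the listing read from stdin.
deny_after_divert() {
    awk '
        $2 == "divert" && !seen { seen = 1; next }
        seen && ($2 == "deny" || $2 == "reject") {
            out = out (out ? " " : "") $1
        }
        END { print out }
    '
}

# Constructed listing: the rwho (port 513) deny sits after the divert rule.
sample_before() {
cat <<'EOF'
00100 divert 8668 ip from any to any via ed0
00200 allow tcp from 192.168.1.0/24 to any out via ed0 setup
00300 deny log udp from any 513 to any 513 via ed0
65535 deny ip from any to any
EOF
}

# Constructed listing: the ordering from the reply, deny first, then divert.
sample_after() {
cat <<'EOF'
00090 deny log udp from any 513 to any 513 via ed0
00100 divert 8668 ip from any to any via ed0
00200 allow tcp from 192.168.1.0/24 to any out via ed0 setup
65535 deny ip from any to any
EOF
}

echo "deny rules after divert (before fix): $(sample_before | deny_after_divert)"
echo "deny rules after divert (after fix):  $(sample_after | deny_after_divert)"
```

The default rule 65535 stays in the output in both cases because it also comes after the divert rule.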