Date:      Tue, 16 Jan 2001 08:58:54 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        Bill Moran <wmoran@mail.iowna.com>
Cc:        Cliff Sarginson <cliff@raggedclown.net>, questions@FreeBSD.ORG
Subject:   Re: natd & failed to write packet back
Message-ID:  <20010116085854.T97980@rfx-64-6-211-149.users.reflexco>
In-Reply-To: <3A6455B2.F797877F@mail.iowna.com>; from wmoran@mail.iowna.com on Tue, Jan 16, 2001 at 09:07:46AM -0500
References:  <E14IQZ0-0005bR-00@post.mail.nl.demon.net> <20010115234039.L97980@rfx-64-6-211-149.users.reflexco> <3A6455B2.F797877F@mail.iowna.com>

On Tue, Jan 16, 2001 at 09:07:46AM -0500, Bill Moran wrote:
> "Crist J. Clark" wrote:
> 
> > > In a similar vein, what does the above message indicate but accompanied
> > > by a "permission denied" as the reason?
> > 
> > Doh! Thanks for catching that. I described what 'permission denied'
> > means. When it says 'host is down,' well... it means that the host the
> > packet is destined for is down. It must be a host on the local network
> > to get that message.
> 
> Well, this helps & not.
> So, apparently a host on the local (you mean internal, private ips?)
> network is down.

Local network means local network. Any address that should be on
the same wire as an interface. Since you probably have at least two
interfaces, you have at least two local networks relative to that
machine. However, I believe you should only be getting these through
natd(8) for machines that are supposed to be off of the interface
which has the divert rule. That tells me that the missing machine is
on the public network. I'm not 100% on that... natd(8) _might_ find
out about it if the machine is not off of the other interface.

> However, it started communicating before it went down.

You get 'host is down' responses when ARP resolution fails for a local
address. The machine need never have existed.

> I wouldn't worry, but the fact that it's happening so much. It would be
> nice if it would tell me _which_ host is down.

That is the tricky part.

> I guess it could have to do with the Macs going into sleep mode. These
> folks have a tendency to leave programs running (even after they leave
> for the day). If a browser were looking at something and went into sleep
> mode before the exchange completed, this could happen. But that's really
> pretty far-fetched and it's just a theory.
> Hmmm ... the mystery continues. Any hints on how to diagnose this? It'd
> be difficult to isolate the packets that are causing it when there's no
> indication of IP or port #.

What you might want to try is look for unanswered ARPs on the natd
interface,

  # tcpdump -en -i <interface> arp

If it gets too noisy you can knock out noisy hosts with '! host <ip>'
or add 'ether <mac>' with the NAT machine's interface's hardware
address.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
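
One way to act on the tcpdump suggestion above, added here as an example and not part of the original message: a small parser that reads saved `tcpdump -en -i <interface> arp` output and reports which target IPs were asked for but never answered. The function name `unanswered_arps`, the `asker` filter and the sample capture (documentation addresses, constructed) are assumptions for illustration.

```python
import re
from collections import Counter

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Matches modern ("Request who-has X tell Y, length 28") and
# older ("arp who-has X tell Y") tcpdump renderings.
REQUEST = re.compile(r"who-has " + IP + r"(?: \([0-9a-fA-F:]+\))? tell " + IP)
REPLY = re.compile(r"[Rr]eply " + IP + r" is-at [0-9a-fA-F:]+")

def unanswered_arps(lines, asker=None):
    """Return {target_ip: request_count} for targets that never replied.

    asker: if given, only count requests sent by that IP (e.g. the NAT
    box itself), since on a switched network the replies to other
    hosts' requests are not visible to the capturing machine.
    """
    asked = Counter()
    answered = set()
    for line in lines:
        m = REQUEST.search(line)
        if m:
            target, who = m.groups()
            if target == who:          # gratuitous ARP, expects no reply
                continue
            if asker is None or who == asker:
                asked[target] += 1
            continue
        m = REPLY.search(line)
        if m:
            answered.add(m.group(1))
    return {ip: n for ip, n in asked.items() if ip not in answered}

# Constructed sample capture; 192.0.2.1 plays the NAT machine.
HDR = "00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: "
SAMPLE = [
    "09:00:01.000001 " + HDR + "Request who-has 192.0.2.10 tell 192.0.2.1, length 28",
    "09:00:01.000300 00:00:5e:00:53:0a > 00:00:5e:00:53:01, ethertype ARP (0x0806), "
    "length 60: Reply 192.0.2.10 is-at 00:00:5e:00:53:0a, length 46",
    "09:00:02.000001 " + HDR + "Request who-has 192.0.2.77 tell 192.0.2.1, length 28",
    "09:00:03.000001 " + HDR + "Request who-has 192.0.2.77 tell 192.0.2.1, length 28",
    "09:00:04.000001 00:00:5e:00:53:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
    "length 60: Request who-has 192.0.2.99 tell 192.0.2.10, length 46",
]

if __name__ == "__main__":
    for ip, n in sorted(unanswered_arps(SAMPLE, asker="192.0.2.1").items()):
        print(f"{ip}: {n} unanswered request(s)")
```

An address that keeps showing up here while natd logs 'host is down' is the likely destination of the packets it failed to write back.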