Date: Sat, 14 Apr 2001 21:18:15 -0700 (PDT)
From: Galen Sampson <galen_sampson@yahoo.com>
To: freebsd-questions@freebsd.org
Cc: lowell@world.std.com, freebsd-stable@freebsd.org
Subject: Re: natd[232]: failed to write packet back (Permission denied)
Message-ID: <20010415041815.836.qmail@web1106.mail.yahoo.com>
In-Reply-To: <44eluvqhxf.fsf@lowellg.ne.mediaone.net>
Hello,
I had this problem after installing a make buildworld from 4/12, with
"open" firewall rules in rc.conf. I realized that I had changed my rc.conf to
only load specific interfaces instead of "auto". This meant that the loopback
wasn't up. As soon as I brought the loopback up, the messages disappeared. Hope
this helps.
Regards,
Galen
--- Lowell Gilbert <lowell@world.std.com> wrote:
> veldy@veldy.net ("Thomas T. Veldhouse") writes:
>
> > Apr 13 10:47:37 fuggle natd[232]: failed to write packet back (Permission
> > denied)
> > Apr 13 10:47:46 fuggle last message repeated 4 times
> > Apr 13 10:47:47 fuggle su: veldy to root on /dev/ttyp0
> > Apr 13 10:47:58 fuggle natd[232]: failed to write packet back (Permission
> > denied)
> > Apr 13 10:48:31 fuggle last message repeated 3 times
> >
> >
> > Can anybody explain what causes this? I have looked through archive after
> > archive and have found many, many reports of this problem, but no solution.
> > The closest I have come is a message that says to check the firewall rules
> > to see what is blocking packets passed back from natd. This cannot be it
> > because I have added rules after the natd divert to open everything and
> > this still occurs.
>
> That is *exactly* what causes this message. Check your rules again --
> and do it with 'ipfw l', not just by looking at your firewall
> configuration script, because the auto-incrementing numbering may not
> have done quite what you expected. [I've made this mistake a number
> of times.]
>
> Also, make sure that the "open everything" rule is numbered higher
> than the divert rule. It won't work at all if they're at the same
> number.
>
> If the machines behind the NAT are sharing the same public address as
> the NAT machine itself, and you don't need them to accept connections
> initiated from the outside Internet, then it should be perfectly
> possible to set up your ipfw rules to avoid this.
>
> > Please help -- this fills logs and is a nuisance -- it has been a problem
> > ever since at least 4.1.1.
>
> Sounds like it's not a -stable problem, then. Let's move this over to
> -questions instead...
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010415041815.836.qmail>
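
The check suggested in the quoted reply (run 'ipfw l' and confirm that the
"open everything" rule is numbered higher than the divert rule) can be
scripted. The following is an added example, not part of either message; the
function name, the sample listings and the interface name ed0 are constructed,
and only bare "ip from any to any" rules are treated as decisive.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `ipfw l` output on stdin.
# Exit status: 0 = an unconditional allow is the first decisive rule after the
# divert rule; 1 = a deny comes first (natd cannot write the packet back);
# 2 = no divert rule in the listing.
check_natd_rules() {
    awk '
    $2 == "divert" && !seen { seen = 1; dnum = $1 + 0; next }
    seen && !verdict {
        # Assumption: only bare "ip from any to any" rules are treated as
        # decisive; rules with extra options (via, ports, ...) are skipped.
        if (!($3 == "ip" && $5 == "any" && $7 == "any" && NF == 7)) next
        # Same number as the divert rule: does not help, as the reply notes.
        if ($1 + 0 == dnum) { same = 1; next }
        if ($2 == "allow") verdict = "ok"
        else if ($2 == "deny" || $2 == "reject") verdict = "blocked"
        if (verdict) hit = $1 + 0
    }
    END {
        if (!seen) { print "no divert rule found"; exit 2 }
        if (same) printf "note: rule %05d shares its number with the divert rule\n", dnum
        if (verdict == "ok") { printf "ok: allow rule %05d follows divert rule %05d\n", hit, dnum; exit 0 }
        if (verdict == "blocked") { printf "problem: deny rule %05d is reached before any allow after divert rule %05d\n", hit, dnum; exit 1 }
        print "problem: no unconditional allow after the divert rule"; exit 1
    }'
}

# Constructed listing: allow-all numbered higher than the divert rule.
sample_good() {
    cat <<'EOF'
00050 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any
EOF
}

# Constructed listing: allow-all ended up at the same number as the divert rule.
sample_bad() {
    cat <<'EOF'
00050 divert 8668 ip from any to any via ed0
00050 allow ip from any to any
65535 deny ip from any to any
EOF
}

sample_good | check_natd_rules
sample_bad | check_natd_rules || true
```

On a live system the listing comes from the command named in the reply: ipfw l | check_natd_rules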
