Date: Wed, 3 Oct 2001 01:29:26 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Chip <chip@wiegand.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd permission denied at bootup
Message-ID: <20011003012926.L310@blossom.cjclark.org>
In-Reply-To: <0110022222480G.96094@chip.wiegand.org>; from chip@wiegand.org on Tue, Oct 02, 2001 at 10:22:48PM -0700
References: <0110022222480G.96094@chip.wiegand.org>

On Tue, Oct 02, 2001 at 10:22:48PM -0700, Chip wrote:
[snip]
> natd: failed to write packet back (permission denied)
> routed: send bcast sendto(xl0): permission denied
> starting final network daemons: firewall, routed: sendto(dc0): permission
> denied.
This sure looks like your firewall not passing packets. And we can fix
the routed(8) problem easily. You don't need it, turn it off.
> Any ideas what's going on here? I have verified all the files with the
> existing firewall box and it's been working fine for a couple years.
Have you done a,
# ipfw show
Once the box is up and running to make sure the firewall rules,
> I have also replaced rc.firewall with a different one that has only -
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc0
> /sbin/ipfw add pass all from any to any
> And I get the same error messages.
Are really there?
> It appears to be a route problem, but netstat does show a default route (see
> below).
>
> I am at a total loss for a solution here.
[snip]
> # -- sysinstall generated deltas -- # Tue Sep 25 22:38:43 2001
> # Created: Tue Sep 25 22:38:43 2001
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> network_interfaces="xl0 dc0 lo0"
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="open"
> gateway_enable="YES"
> natd_interface="dc0"
> natd_enable="YES"
> natd_flags="-f /etc/natd.conf"
> router_enable="YES"
Drop this.
> defaultrouter="66.114.152.1"
> hostname="firewall.wiegand.org"
> ifconfig_xl0="inet 192.168.1.10 netmask 255.255.255.0"
> ifconfig_dc0="inet 66.114.152.128 netmask 255.255.248.0"
> moused_enable="YES"
> moused_port="/dev/cuaa1"
> moused_type="mouseman"
> sendmail_enable="NO"
> sshd_enable="YES"
Again, doublecheck the firewall rules are actually being loaded. If
they are, something really strange is going on.
--
Crist J. Clark cjclark@alum.mit.edu
cjclark@jhu.edu
cjc@freebsd.org
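
An added example, not part of the original message: a shell check for the suggestion above that reads `ipfw show` output and reports whether the divert and pass rules from the quoted rc.firewall are loaded ahead of the default rule 65535. The function name and the sample listings are constructed; `ipfw` lists `pass` rules as `allow`, and 8668 is natd's default divert port.

```shell
#!/bin/sh
# On the firewall box: ipfw show | check_ipfw_rules dc0
# Reads `ipfw show` output on stdin; $1 is the natd interface.
# Returns 0 when a divert rule via that interface and an allow rule are loaded.
check_ipfw_rules() {
    awk -v ifc="$1" '
        # Columns: rule number, packet count, byte count, action, rule body
        $1 !~ /^[0-9]+$/ { next }
        $4 == "divert" && $0 ~ ("via " ifc "( |$)") { divert = 1; next }
        $4 == "allow" && $1 != "65535"              { allow = 1; next }
        $1 == "65535"                               { last = $4 }
        END {
            if (!divert) { print "no divert rule via " ifc; bad = 1 }
            if (!allow && last != "allow") {
                print "no allow rule ahead of default rule (" last ")"; bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: the three-line rc.firewall from the message, loaded.
sample_loaded() {
    cat <<'EOF'
00100 0 0 divert 8668 ip from any to any via dc0
00200 0 0 allow ip from any to any
65535 0 0 deny ip from any to any
EOF
}

# Constructed sample: script never ran, only the kernel default rule exists.
# Every outbound packet hits the deny, so sendto() fails with
# "permission denied", matching the natd and routed messages.
sample_empty() {
    cat <<'EOF'
65535 12 1440 deny ip from any to any
EOF
}

sample_loaded | check_ipfw_rules dc0 && echo "rules loaded"
sample_empty  | check_ipfw_rules dc0 || echo "rules NOT loaded"
```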
