From owner-freebsd-questions Wed Nov 1 9: 4:31 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from po4.wam.umd.edu (po4.wam.umd.edu [128.8.10.166])
	by hub.freebsd.org (Postfix) with ESMTP id B442637B479
	for ; Wed, 1 Nov 2000 09:04:27 -0800 (PST)
Received: from rac5.wam.umd.edu (IDENT:root@rac5.wam.umd.edu [128.8.10.145])
	by po4.wam.umd.edu (8.9.3/8.9.3) with ESMTP id MAA28334;
	Wed, 1 Nov 2000 12:04:22 -0500 (EST)
Received: from rac5.wam.umd.edu (IDENT:sendmail@localhost [127.0.0.1])
	by rac5.wam.umd.edu (8.9.3/8.9.3) with SMTP id MAA28610;
	Wed, 1 Nov 2000 12:04:22 -0500 (EST)
Received: from localhost (culverk@localhost)
	by rac5.wam.umd.edu (8.9.3/8.9.3) with ESMTP id MAA28606;
	Wed, 1 Nov 2000 12:04:21 -0500 (EST)
X-Authentication-Warning: rac5.wam.umd.edu: culverk owned process doing -bs
Date: Wed, 1 Nov 2000 12:04:21 -0500 (EST)
From: Kenneth Wayne Culver
To: Ruslan Ermilov
Cc: cjclark@alum.mit.edu, freebsd-questions@FreeBSD.ORG
Subject: Re: natd errors.
In-Reply-To: <20001101104131.A41690@sunbay.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

my oip and onet are real, and I still have the same problem... my iip and
inet are not real however..

=================================================================
| Kenneth Culver              | FreeBSD: The best NT upgrade    |
| Unix Systems Administrator  | ICQ #: 24767726                 |
| and student at The          | AIM: muythaibxr                 |
| The University of Maryland, | Website: (Under Construction)   |
| College Park.               | http://www.wam.umd.edu/~culverk/|
=================================================================

On Wed, 1 Nov 2000, Ruslan Ermilov wrote:

> On Wed, Nov 01, 2000 at 12:27:36AM -0800, Crist J . Clark wrote:
> > On Wed, Nov 01, 2000 at 09:34:21AM +0200, Ruslan Ermilov wrote:
> > > On Tue, Oct 31, 2000 at 04:24:12PM -0500, Kenneth Wayne Culver wrote:
> > > > I just decided to make my firewall rules more strict, so I set my type to
> > > > "simple" in rc.conf... and now I get this error
> > > > Oct 31 16:16:07 culverk natd[139]: failed to write packet back (Permission
> > > > denied)
> > > >
> > > This happens when ipfw blocks packets written back by natd(8).
> > >
> > > > my rules are the same rules as the "simple" specification in rc.firewall.
> > > >
> > > There was a problem with the stock "simple" firewall, which has now been
> > > fixed in 4.1-STABLE (/etc/rc.firewall, rev 1.30.2.5).
> > >
> > > > Could someone tell me how to get rid of this error?
> > > >
> > > Make sure your rc.firewall is rev 1.30.2.5 or higher.
> >
> > Hmmm, I have a 1.30.2.6 file right here and it still looks to me like
> > it does not have a chance of working for your average natd(8) setup.
> >
> If ${oip} and ${onet} are set to some real values, the "simple" firewall
> should work. If they are set to some RFC1918 or draft-manning-dsua ones,
> this (of course) will not work, and you will have to either delete two
> "deny" rules (one before and one after the divert rule) that include your
> ${onet}:${omask} network. Anything else?
>
>
> --
> Ruslan Ermilov		Oracle Developer/DBA,
> ru@sunbay.com		Sunbay Software AG,
> ru@FreeBSD.org		FreeBSD committer,
> +380.652.512.251	Simferopol, Ukraine
>
> http://www.FreeBSD.org	The Power To Serve
> http://www.oracle.com	Enabling The Information Age
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
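
The quoted reply turns on whether the addresses in rc.firewall fall in RFC1918 or draft-manning-dsua space. The script below is an added example, not part of the thread or of rc.firewall: it reports which reserved block an address falls in. The draft-manning-dsua block list and the sample addresses are assumptions of this example, not values from the messages.

```shell
#!/bin/sh
# Added example: classify rc.firewall addresses against reserved blocks.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/BITS: succeeds when ADDR lies inside NET/BITS.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Print the reserved block an address falls in, or "none".
classify() {
    for block in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        if in_cidr "$1" "$block"; then echo "RFC1918 $block"; return; fi
    done
    # Assumed list: reserved, DHCP auto-configuration, test net,
    # multicast (class D) and class E.
    for block in 0.0.0.0/8 169.254.0.0/16 192.0.2.0/24 \
                 224.0.0.0/4 240.0.0.0/4; do
        if in_cidr "$1" "$block"; then
            echo "draft-manning-dsua $block"; return
        fi
    done
    echo "none"
}

# Constructed sample values, not taken from the thread.
for pair in oip=198.51.100.1 onet=198.51.100.0 \
            iip=192.168.1.1 inet=192.168.1.0; do
    echo "${pair%%=*}: $(classify "${pair#*=}")"
done
```

Any variable reported as something other than "none" names a network that a deny rule written for that block would match.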