Date:      Fri, 27 Aug 1999 07:22:06 -0700
From:      "Mr. Kasey A. Hohenbrink" <kasey@HoHenBrink.NET>
To:        Roy Bettle <rbettle@criterion-group.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: [Fwd: Solution for: natd[130]: failed to write packet back  (Permission denied)]
Message-ID:  <37C69F0E.C53EEC35@hohenbrink.net>
References:  <37C2CCCE.9B69E233@hohenbrink.net> <37C2D786.B38B9A3E@criterion-group.com>

All,

This problem seems to be due to the firewall rules I have
defined for the natted interface.  I've run natd in 
verbose mode and saw that it only gave me the "failed.."
message when natd tried to write a deniable packet back
into the stream.

In my case, DNS was resolving a 10.0.0.0 address for a box
I was trying to reach and the packets were being denied, as
they should have been.  This is possibly a bug since natd and
ipfw should write the packet info in the logging rather than
just the "failed..." message.

If you can't connect to an outside machine, then you need
to really work on your ipfw rules for the natd interface.
The packets that cause the error message are the in/out 
translated packets on the natted interface.

To run natd in verbose mode, boot your machine, ps and
kill natd, then relaunch it adding the -verbose switch.
It should start writing the translations on the terminal
and the deny messages should show also.  (If you try
capturing it to a file, remember that the deny messages
are from syslogd, not the natd process.  Verbose mode
only shows the translations, not the errors.  Just copy
and paste from the terminal window.)

Don't forget to re-read the man page for natd!!   ;>)

Kasey A. Hohenbrink
Systems & Network Manager, AmberNetworks

Roy Bettle wrote:
> 
> We've been having very similar issues.  A call to Cox@Home turned up the
> comment that UNIX/Linux/*BSD boxen couldn't resolve NT machine names.
> 
> Really hoping we can figure this out as we're having issues getting our
> LAN (4 boxen) out over the cable modem.
> 
> RAB
> 
> "Mr. Kasey A. Hohenbrink" wrote:
> 
> > I was wrong, it didn't work.  Any suggestions?
> >
> > Kasey
> >
> > -------- Original Message --------
> > Subject: Solution for: natd[130]: failed to write packet back
> > (Permission denied)
> > Date: Tue, 24 Aug 1999 09:42:57 -0700
> > From: "Mr. Kasey A. Hohenbrink" <kasey@hohenbrink.net>
> > To: freebsd-questions@FreeBSD.ORG
> >
> > Hey,
> >
> > Have you guys seen this error message before?  Especially
> > at home when connected to a DSL or Cable Modem?
> >
> > Aug 24 08:07:50 gw natd[130]: failed to write packet back (Permission
> > denied)
> > Aug 24 08:08:11 gw last message repeated 3 times
> > Aug 24 08:10:11 gw last message repeated 5 times
> > Aug 24 08:17:45 gw last message repeated 11 times
> >
> > After reading a lot of postings, I found a post from
> > a FreeBSD core developer who blamed this error message on
> > his cable modem provider and stated that it looked like the
> > ip to mac was not mapping correctly.
> >
> > So I added the mac address for my dsl modem manually
> >
> >         arp -S x.x.x.x 0:10:66:0:34:72
> >
> > This seems to have stopped the message completely.  I have
> > been running the machine with the change for a couple of
> > hours and have not seen the message again.
> >
> > I am open to suggestions as to where the command should
> > be put (ie:  which file to edit).
> >
> > Kasey
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> 
> Roy Bettle
> President, Criterion Group
> http://www.criterion-group.com
> rbettle@criterion-group.com
> (949) 452-1203
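
The check described in the message above, matching natd's "failed to write packet back" lines against the ipfw deny lines that syslogd records, can be run over a saved log. This Python script is an added example and not part of the original thread; the ipfw log line layout, rule numbers, interface name `ed0` and addresses in the sample are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample syslog (not from the thread). The natd lines use the message
# quoted in the post; the ipfw "log" line layout, rule numbers, interface ed0 and
# addresses are assumptions made for this example.
SAMPLE_LOG = """\
Aug 24 08:07:49 gw /kernel: ipfw: 1200 Deny TCP 192.0.2.10:1042 10.0.0.5:80 out via ed0
Aug 24 08:07:50 gw natd[130]: failed to write packet back (Permission denied)
Aug 24 08:09:30 gw /kernel: ipfw: 65000 Deny UDP 198.51.100.7:137 192.0.2.10:137 in via ed0
Aug 24 08:10:02 gw /kernel: ipfw: 1200 Deny TCP 192.0.2.10:1043 10.0.0.5:80 out via ed0
Aug 24 08:10:02 gw natd[130]: failed to write packet back (Permission denied)
Aug 24 08:17:45 gw natd[130]: failed to write packet back (Permission denied)
"""

TS = r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
NATD = re.compile(TS + r"natd\[\d+\]: failed to write packet back \(Permission denied\)")
DENY = re.compile(TS + r"/kernel: ipfw: (\d+) Deny (\S+) (\S+) (\S+) (in|out) via (\S+)")

def parse_ts(stamp):
    # Syslog stamps carry no year; pin a leap year so "Feb 29" still parses.
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")

def correlate(log_text, window=timedelta(seconds=2)):
    """Return (Counter of deny entries seen within `window` of a natd failure,
    number of natd failures with no deny entry nearby)."""
    denies, failures = [], []
    for line in log_text.splitlines():
        if m := DENY.match(line):
            denies.append((parse_ts(m[1]), m.groups()[1:]))
        elif m := NATD.match(line):
            failures.append(parse_ts(m[1]))
    suspects, unmatched = Counter(), 0
    for t in failures:
        near = [d for ts, d in denies if abs(ts - t) <= window]
        if not near:
            unmatched += 1  # the rejecting rule probably lacks the "log" keyword
        for rule, _proto, _src, dst, direction, iface in near:
            suspects[(rule, direction, iface, dst.split(":")[0])] += 1
    return suspects, unmatched

if __name__ == "__main__":
    suspects, unmatched = correlate(SAMPLE_LOG)
    for (rule, direction, iface, dst), n in suspects.most_common():
        print(f"rule {rule}: {n} deny(s) {direction} via {iface} to {dst} next to a natd failure")
    print(f"{unmatched} natd failure(s) with no logged deny nearby")
```
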

