From owner-freebsd-ipfw Wed Jan 31 22: 9:10 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id B056C37B67D
	for ; Wed, 31 Jan 2001 22:08:52 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168])
	by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
	Wed, 31 Jan 2001 22:06:56 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f1168PR23505;
	Wed, 31 Jan 2001 22:08:25 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 31 Jan 2001 22:08:24 -0800
From: "Crist J. Clark"
To: mel kravitz
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: natd questions
Message-ID: <20010131220824.R91447@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <3A787261.FC964939@switchpwr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <3A787261.FC964939@switchpwr.com>; from melk@switchpwr.com on Wed, Jan 31, 2001 at 03:15:30PM -0500
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Jan 31, 2001 at 03:15:30PM -0500, mel kravitz wrote:
> Hi,
> Running 4.1 on an i386 box, updated to 4.1 after successfully using 2.2.8
> for 2+ years.
> I normally start natd from /sbin/natd -m -f /etc/natd.conf
> (/etc/rc.conf.local)

That can cause problems since rc.local is one of the last things to
run after all of the network services have tried to start.

> where /etc/natd.conf file is included below :
> ipfw rules contain proper divert call to tx0
> my question is i am getting a large number of /var/log/messages:
> natd "failed to write packet back (permission denied)"

That means a packet processed by natd(8) is being blocked by a later
rule in the firewall.

> If i start natd from /etc/rc.conf file how do i call natd.conf?

natd_enable="YES"
natd_interface="tx0"
natd_flags="-f /etc/natd.conf"
firewall_enable="YES"
firewall_type=

> Any help would be appreciated.
> -Mel
> # natd.conf
> use_sockets
> port 6668
> interface tx0
> redirect_port tcp 12.14.48.20:http 80
> redirect_port udp 12.14.48.20:http 80
> redirect_port tcp 12.14.48.28:http 12.14.48.18:80
> redirect_port udp 12.14.48.28:http 12.14.48.18:80
> redirect_port tcp 12.14.48.20:ftp 20
> redirect_port udp 12.14.48.20:ftp 20
> redirect_port tcp 12.14.48.20:ftp 21
> redirect_port udp 12.14.48.20:ftp 21

HTTP and FTP do not use UDP. You don't need those.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
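
Added example, not part of the original message: a small sh/awk check that lists the redirect_port udp entries for HTTP and FTP, which the reply above says are not needed, so they can be removed from natd.conf. The function names lint_natd_conf and sample_conf are assumptions made for this example, and the sample input is the natd.conf quoted in the message.

```shell
#!/bin/sh
# Added example: flag natd.conf redirect_port lines that forward UDP for
# services the reply describes as TCP-only (HTTP and FTP).

# Constructed sample input: the natd.conf quoted in the message above.
sample_conf() {
cat <<'EOF'
use_sockets
port 6668
interface tx0
redirect_port tcp 12.14.48.20:http 80
redirect_port udp 12.14.48.20:http 80
redirect_port tcp 12.14.48.28:http 12.14.48.18:80
redirect_port udp 12.14.48.28:http 12.14.48.18:80
redirect_port tcp 12.14.48.20:ftp 20
redirect_port udp 12.14.48.20:ftp 20
redirect_port tcp 12.14.48.20:ftp 21
redirect_port udp 12.14.48.20:ftp 21
EOF
}

# lint_natd_conf [FILE]: read natd.conf from FILE (or stdin) and print
# "lineno: text" for every UDP redirect whose target or alias port is
# HTTP or FTP, given by service name or by number.
lint_natd_conf() {
    awk '
    # Service names and port numbers treated as TCP-only in this check.
    function tcp_only(p) {
        return p == "http" || p == "80" || p == "ftp" || p == "21" ||
               p == "ftp-data" || p == "20"
    }
    # Port part of "addr:port", or the value itself for a bare port.
    function port_of(s,   n, a) { n = split(s, a, ":"); return a[n] }
    /^[ \t]*#/ { next }                      # skip comment lines
    $1 == "redirect_port" && tolower($2) == "udp" {
        if (tcp_only(port_of($3)) || tcp_only(port_of($4)))
            printf "%d: %s\n", NR, $0
    }' "$@"
}

# Stand-alone run: lint the sample configuration.
sample_conf | lint_natd_conf
```

Against a live system the same function takes the file path, as in lint_natd_conf /etc/natd.conf.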