Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 31 Jan 2001 22:08:24 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        mel kravitz <melk@switchpwr.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: natd questions
Message-ID:  <20010131220824.R91447@rfx-216-196-73-168.users.reflex>
In-Reply-To: <3A787261.FC964939@switchpwr.com>; from melk@switchpwr.com on Wed, Jan 31, 2001 at 03:15:30PM -0500
References:  <3A787261.FC964939@switchpwr.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Jan 31, 2001 at 03:15:30PM -0500, mel kravitz wrote:
> Hi,
> Running 4.1 on an i386 box, updated to 4.1 after succesfully using 2.2.8
> for 2+ years.
> I normally start natd from /sbin/natd -m -f /etc/natd.conf
> (/etc/rc.conf.local)

That can cause problems since rc.local is one of the last things to
run after all of the network services have tried to start.

> where /etc/natd.conf file is included below :
> ipfw rules contain proper divert call to tx0
> my question is i am getting a large number of /var/log/messages:
> natd "failed to write packet back (permission denied)"

That means a packet processed by natd(8) is being blocked by a later
rule in the firewall.

> If i start natd from /etc/rc.conf  file how do i call natd.conf?

  natd_enable="YES"
  natd_interface="tx0"
  natd_flags="-f /etc/natd.conf"
  firewall_enable="YES"
  firewall_type=<something>

> Any help would be appreciated.
> -Mel

> # natd.conf
> use_sockets
> port 6668
> interface tx0
> redirect_port tcp 12.14.48.20:http 80
> redirect_port udp 12.14.48.20:http 80
> redirect_port tcp 12.14.48.28:http 12.14.48.18:80
> redirect_port udp 12.14.48.28:http 12.14.48.18:80
> redirect_port tcp 12.14.48.20:ftp 20
> redirect_port udp 12.14.48.20:ftp 20
> redirect_port tcp 12.14.48.20:ftp 21
> redirect_port udp 12.14.48.20:ftp 21

HTTP and FTP do not use UDP. You don't need those.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010131220824.R91447>