Date: Sat, 7 Apr 2001 04:27:29 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: Trevin Chow <tmchow@sfu.ca>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Natd - "failed to write packet back"
Message-ID: <Pine.BSF.4.21.0104070424280.19859-100000@cody.jharris.com>
In-Reply-To: <5.0.2.1.2.20010407012235.02502de0@popserver.sfu.ca>

On Sat, 7 Apr 2001, Trevin Chow wrote:

> At 03:49 AM 4/7/2001 -0500, Nick Rogness wrote:
>
> > > 65535 2 390 deny ip from any to any
> >   ^^^^^
> > Rule 65535 is denying your packets...You are not allowing
> > valid traffic...which is why you are getting a "permission
> > denied". I would recommend running an allow log rule before it to
> > see what valid traffic looks like...then do your filtering after
> > you know for sure stuff works.
>
> I'm not sure what you mean. All my rules above it allow for valid
> traffic. Isn't the last rule applied as a "last resort" if it hasn't
> matched anything above?

Yes, but you are missing something. To be honest I didn't look too
hard at your ruleset. I scrolled down and saw a deny rule with
counter hits on it and I see no counter hits on your supposed
"valid" traffic.

Turn on 'log' on rule 65535.

The only other thing that could cause something like that is not
having a default gateway.

Nick Rogness <nick@rogness.net>
- Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104070424280.19859-100000>
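
The counter check described in the reply above (a deny rule with hits while the allow rules show none) can be automated over saved `ipfw show` output. The following is an added example, not part of the original thread; the sample ruleset is constructed, and only its final line (rule 65535) comes from the message.

```python
import re

# Constructed sample in the `ipfw show` layout quoted in the message
# (rule number, packet count, byte count, rule body). Only the last
# line is taken from the thread; the rest is made up for illustration.
SAMPLE = """\
00100    0      0 divert 8668 ip from any to any via ed0
00200    0      0 allow ip from any to any via lo0
00300    0      0 allow tcp from 192.168.0.0/24 to any setup
00400    0      0 allow udp from 192.168.0.0/24 to any 53
65535    2    390 deny ip from any to any
"""

ALLOW = {"allow", "accept", "pass", "permit"}
DENY = {"deny", "drop", "reject", "reset", "unreach"}
LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")

def parse(show_output):
    """Yield (rule, packets, bytes, action, rest) per counter line."""
    for line in show_output.splitlines():
        m = LINE.match(line)
        if m:  # skip blank lines and anything without counters
            num, pkts, byts, action, rest = m.groups()
            yield int(num), int(pkts), int(byts), action, rest

def triage(show_output):
    """Split rules into deny-with-hits and allow-without-hits."""
    rules = list(parse(show_output))
    denied = [r for r in rules if r[3] in DENY and r[1] > 0]
    idle = [r for r in rules if r[3] in ALLOW and r[1] == 0]
    allows = [r for r in rules if r[3] in ALLOW]
    return {
        "deny_hits": [(r[0], r[1], r[2]) for r in denied],
        "idle_allows": [r[0] for r in idle],
        # The pattern from the reply: traffic is counted only on a deny
        # rule while every allow rule sits at zero.
        "all_traffic_denied": bool(denied) and len(idle) == len(allows),
    }

if __name__ == "__main__":
    result = triage(SAMPLE)
    for num, pkts, byts in result["deny_hits"]:
        print(f"rule {num:05d} denied {pkts} packets ({byts} bytes)")
    print("allow rules with no hits:", result["idle_allows"])
    print("all counted traffic denied:", result["all_traffic_denied"])
```
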