Date: Mon, 10 Dec 2001 11:14:45 +0000
From: Josh Paetzel
To: Mike D
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd ignores "natd_flags"?
Message-ID: <20011210111445.J1432@twincat.vladsempire.net>

On Mon, Dec 10, 2001 at 08:51:25AM +0000, Mike D wrote:
> > [I think this question should be redirected to -questions or -net, but
> > anyway...]
>
> should only programming questions be posted here?
>
> > do you have IPFIREWALL in your kernel ? is it configured "default to
> > deny" ? This is typically what is bugging me when natd fails to write a
> > packet : a nasty firewall rule...
>
> I have a ipfw rules file, the point is I want to log the deny natd messages,
> not see them.
>
> >
> > man ipfw & read the handbook, section networking (correct me if i'm
> > wrong).
>
> I don't think this is an ipfw issue - the failure msg comes from natd, not
> ipfw. Could be wrong of course!
>
> >
> > Olivier
> >
> > On Mon, Dec 10, 2001 at 07:49:37AM +0000, Mike D wrote:
> > > I have in my rc.conf:
> > >
> > > natd_enable="YES"
> > > natd_interface="xl1"
> > > natd_flags="-f /etc/natd.conf"
> > >
> > > and in /etc/natd.conf:
> > >
> > > interface xl1
> > > dynamic yes
> > > use_sockets yes
> > > same_ports yes
> > > log_denied yes
> > >
> > > however, since I am still seeing the "host4 natd[198]: failed to write
> > > packet back (Permission denied)" messages, I'm guessing "log_denied" is
> > > not being picked up.

The logging that the conf file is talking about is logging packets that are
denied by natd. This is not what is happening to you, hence you are seeing
these messages. natd is trying to tell you that something in your
configuration for natd/ipfw is broken. You can adjust syslogd to log them to
/var/log/messages, but it would be much better to fix the issue.

Josh
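
One way to track down the broken natd/ipfw configuration, assuming (as suggested in the thread) that an ipfw rule is rejecting the packets natd writes back: compare two `ipfw -a list` counter snapshots taken while the message is appearing and see which blocking rules matched in between. This is an added example, not part of the original message; the sample listings and function names are constructed for illustration.

```python
import re

# Constructed snapshots in the `ipfw -a list` layout:
# rule number, packet count, byte count, rule body. Not from the thread.
BEFORE = """\
00050   1200   96000 divert 8668 ip from any to any via xl1
00200    900   72000 allow tcp from any to any established
00300     10     600 deny tcp from any to any in via xl1 setup
65535      4     240 deny ip from any to any
"""
AFTER = """\
00050   1260  100800 divert 8668 ip from any to any via xl1
00200    930   74400 allow tcp from any to any established
00300     10     600 deny tcp from any to any in via xl1 setup
65535     31    1860 deny ip from any to any
"""

RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")
# ipfw actions that stop a packet; "drop" is an alias of "deny".
BLOCKING = {"deny", "drop", "reject", "unreach", "reset"}


def parse_counters(listing):
    """Map rule number -> (packets, action, rule text) for one snapshot.

    Simplification: if several rules share a number, the last one wins.
    """
    rules = {}
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # not a counted rule line
        number, packets, _bytes, body = m.groups()
        rules[int(number)] = (int(packets), body.split()[0], body)
    return rules


def blocking_rule_deltas(before, after):
    """List (rule number, new packets, rule text) for blocking rules that
    matched between the two snapshots, in rule order."""
    old, new = parse_counters(before), parse_counters(after)
    hits = []
    for number, (packets, action, body) in sorted(new.items()):
        delta = packets - old.get(number, (0,))[0]
        if action in BLOCKING and delta > 0:  # ignores zeroed counters
            hits.append((number, delta, body))
    return hits
```

A blocking rule whose counter climbs in step with the "failed to write packet back (Permission denied)" messages is the first place to look; here that is the default rule 65535, which means the ruleset has no allow rule covering the translated traffic.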