From owner-freebsd-questions Sun Jun 10 9:41:14 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id F2EE537B403 for ; Sun, 10 Jun 2001 09:40:57 -0700 (PDT) (envelope-from ipthomas_77@yahoo.com)
Received: from scraemondaemon.my.domain (1Cust252.tnt8.buffalo.ny.da.uu.net [63.10.12.252]) by hawk.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id JAA22501; Sun, 10 Jun 2001 09:40:55 -0700 (PDT)
Received: (from ipt@localhost) by scraemondaemon.my.domain (8.9.3/8.9.3) id MAA00352; Sun, 10 Jun 2001 12:39:50 -0400 (EDT) (envelope-from ipt)
From: "Ian P. Thomas"
Message-Id: <200106101639.MAA00352@scraemondaemon.my.domain>
Subject: Re: natd failed to write packet back (RESOLVED)
To: ipthomas_77@yahoo.com (Ian P. Thomas)
Date: Sun, 10 Jun 2001 12:39:49 -0400 (EDT)
Cc: freebsd-questions@freebsd.org
In-Reply-To: from "Ian P. Thomas" at Jun 10, 2001 12:19:03 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Again answering my own question. This is what I added to my firewall to get rid of the natd errors.

$fwcmd add allow udp from 10.0.0.1 1031-1038 to 128.205.106.1 53 out xmit tun0

Allowing ICMP for ping and traceroute helped give me more info. I noticed on the FreeBSD archives that this problem looked like it went unsolved (of course, maybe I didn't see the resolution). I am going to email this to the author of the tutorial and see if he can add it to the questions portion at the end.

This takes care of how Earthlink's handshake works when establishing a connection, which is what was causing natd grief.

Ian

In the last episode, Ian P. Thomas stated...
> I keep getting this message after implementing the firewall
> described on freebsd.org for dial-up users with dynamic IPs.
>
> natd failed to write packet back (Permission Denied)
>
> It seems that nat is trying to work before the ppp connection is up. Is this
> correct, and is there any way to have natd wait a few seconds before
> starting up at boot time? Or does the Permission denied part have to do
> with the firewall rules?
>
> # set the firewall command
> fwcmd="/sbin/ipfw"
> # flush rules first
> $fwcmd -f flush
> # divert all packets to the tun interface
> $fwcmd add divert natd all from any to any via tun0
> # allow any data from the localhost
> $fwcmd add allow ip from any to any via lo0
> # allow any connections initiated by this host
> $fwcmd add allow tcp from any to any out xmit tun0 setup
> # allow established connections to remain open
> $fwcmd add allow tcp from any to any via tun0 established
> # reset ident packets, don't give out any info
> $fwcmd add reset log tcp from any to any 113 in recv tun0
> # allow outgoing requests to specific DNS servers
> $fwcmd add allow udp from any to 207.217.120.83 53 out xmit tun0
> # allow responses to DNS requests
> $fwcmd add allow udp from 207.217.120.83 53 to any in recv tun0
>
> Thanks in advance.
>
> Ian
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
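The following is an added example and not code from the thread or from FreeBSD: a small first-match simulator for the subset of ipfw rule syntax used in the ruleset quoted above. It models the part of ipfw behaviour behind the "failed to write packet back: Permission denied" message: when a packet matches the divert rule, natd processes it and writes it back, ipfw resumes evaluation at the rule after the divert, and a packet that matches no later rule falls through to the implicit closing rule 65535 (deny ip from any to any), at which point natd's write is refused. natd's own address rewriting is not modelled, only rule traversal. The rule numbers (100, 200, ...), the ICMP allow rule in the "fixed" set, and all sample packets are assumptions constructed for the example, not captured from the poster's link.

```python
"""Added example: first-match simulator for the ipfw rule subset in the thread.
Models divert-then-continue evaluation; does NOT model natd's address rewriting."""
import ipaddress

DEFAULT_RULE = (65535, "deny")  # ipfw's closing rule on a "closed" firewall
OPTS = {"in", "out", "via", "xmit", "recv", "setup", "established"}

# The ruleset from the original question (bodies after "ipfw add").
ORIGINAL_RULES = [
    "divert natd all from any to any via tun0",
    "allow ip from any to any via lo0",
    "allow tcp from any to any out xmit tun0 setup",
    "allow tcp from any to any via tun0 established",
    "reset log tcp from any to any 113 in recv tun0",
    "allow udp from any to 207.217.120.83 53 out xmit tun0",
    "allow udp from 207.217.120.83 53 to any in recv tun0",
]
# The rule the poster added, plus an ICMP allow (assumed form of "allowing ICMP").
FIXED_RULES = ORIGINAL_RULES + [
    "allow udp from 10.0.0.1 1031-1038 to 128.205.106.1 53 out xmit tun0",
    "allow icmp from any to any via tun0",
]


def parse_rule(text):
    """Parse one rule body into a dict (only the syntax used above is supported)."""
    tok = text.split()
    r = {"action": tok[0], "sport": None, "dport": None, "dir": None,
         "iface": None, "iface_mode": None, "setup": False, "established": False}
    i = 1
    if r["action"] == "divert":          # "divert natd": skip the divert port name
        i += 1
    if tok[i] == "log":
        i += 1
    r["proto"] = tok[i]; i += 1
    assert tok[i] == "from"; r["src"] = tok[i + 1]; i += 2
    if tok[i] != "to":                   # optional source port or port range
        r["sport"] = tok[i]; i += 1
    assert tok[i] == "to"; r["dst"] = tok[i + 1]; i += 2
    if i < len(tok) and tok[i] not in OPTS:  # optional destination port
        r["dport"] = tok[i]; i += 1
    while i < len(tok):                  # trailing options
        o = tok[i]; i += 1
        if o in ("in", "out"):
            r["dir"] = o
        elif o in ("via", "xmit", "recv"):
            r["iface_mode"], r["iface"] = o, tok[i]; i += 1
        elif o in ("setup", "established"):
            r[o] = True
        else:
            raise ValueError("unsupported option: " + o)
    return r


def _port_ok(spec, port):
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")      # "53" or "1031-1038"
    return int(lo) <= port <= int(hi or lo)


def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(r, pkt):
    """True if packet dict pkt satisfies every predicate of parsed rule r."""
    if r["proto"] not in ("all", "ip", pkt["proto"]):
        return False
    if not (_addr_ok(r["src"], pkt["src"]) and _addr_ok(r["dst"], pkt["dst"])):
        return False
    if not (_port_ok(r["sport"], pkt.get("sport", -1)) and _port_ok(r["dport"], pkt.get("dport", -1))):
        return False
    if r["dir"] and r["dir"] != pkt["dir"]:
        return False
    m, ifc = r["iface_mode"], r["iface"]
    if m == "via" and pkt["iface"] != ifc:
        return False
    if m == "xmit" and not (pkt["dir"] == "out" and pkt["iface"] == ifc):
        return False
    if m == "recv" and not (pkt["dir"] == "in" and pkt["iface"] == ifc):
        return False
    flags = pkt.get("flags", set())
    if r["setup"] and not ("SYN" in flags and "ACK" not in flags):
        return False
    if r["established"] and not (flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(rule_texts, pkt):
    """Return (rule_number, action, diverted) for the first terminal match."""
    diverted = False
    for n, text in enumerate(rule_texts, start=1):
        r = parse_rule(text)
        if not matches(r, pkt):
            continue
        if r["action"] == "divert":      # natd writes the packet back; ipfw
            diverted = True              # resumes at the next rule
            continue
        return (n * 100, r["action"], diverted)
    return (DEFAULT_RULE[0], DEFAULT_RULE[1], diverted)


def natd_writeback_fails(rule_texts, pkt):
    """True when the packet natd wrote back reaches rule 65535 and is denied:
    the condition that produces 'failed to write packet back: Permission denied'."""
    num, action, diverted = evaluate(rule_texts, pkt)
    return diverted and action == "deny" and num == DEFAULT_RULE[0]


# Constructed sample packets (192.0.2.0/24 is a documentation range).
DNS_TO_SECOND_SERVER = {"proto": "udp", "src": "10.0.0.1", "sport": 1033,
                        "dst": "128.205.106.1", "dport": 53, "dir": "out", "iface": "tun0"}
DNS_TO_LISTED_SERVER = dict(DNS_TO_SECOND_SERVER, dst="207.217.120.83")
TCP_SYN = {"proto": "tcp", "src": "10.0.0.1", "sport": 2000, "dst": "192.0.2.10",
           "dport": 80, "dir": "out", "iface": "tun0", "flags": {"SYN"}}
PING = {"proto": "icmp", "src": "10.0.0.1", "dst": "192.0.2.10", "dir": "out", "iface": "tun0"}

if __name__ == "__main__":
    for name, pkt in [("dns->128.205.106.1", DNS_TO_SECOND_SERVER), ("dns->207.217.120.83", DNS_TO_LISTED_SERVER),
                      ("tcp syn", TCP_SYN), ("ping", PING)]:
        print(f"{name:22s} original={evaluate(ORIGINAL_RULES, pkt)}  fixed={evaluate(FIXED_RULES, pkt)}")
```

Running it shows the DNS query to 128.205.106.1 being diverted and then dropped by rule 65535 under the original ruleset (the natd error condition), while the same packet is accepted by rule 800 once the poster's extra rule is present; ICMP is likewise dropped until an ICMP rule is added. The same approach works as a pre-flight check for any later rule you intend to add: confirm that every packet natd may write back has an allow rule after the divert.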