Date: Mon, 13 Aug 2001 15:49:03 -0500 From: David Kelly <dkelly@hiwaay.net> To: Nick Rogness <nick@rogness.net> Cc: Adrian Browne <Adrian@nu-earth.demon.co.uk>, freebsd-questions@FreeBSD.ORG Subject: Re: natd[231]: failed to write packet back (Permission denied) Message-ID: <20010813154903.B24678@grumpy.dyndns.org> In-Reply-To: <Pine.BSF.4.21.0108131450180.26968-100000@cody.jharris.com>; from nick@rogness.net on Mon, Aug 13, 2001 at 02:52:40PM -0500 References: <ILEFKPEDALOIGNPOBLHAIEANCFAA.Adrian@nu-earth.demon.co.uk> <Pine.BSF.4.21.0108131450180.26968-100000@cody.jharris.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 13, 2001 at 02:52:40PM -0500, Nick Rogness wrote: > On Mon, 13 Aug 2001, Adrian Browne wrote: > > > > natd[231]: failed to write packet back (Permission denied) > > Your firewall is blocking something. Turn on logging and submit > logs. Both ipfw and nat logs preferred along with your firewall > setup (ipfw -a l) and natd configuration. Hopefully you have all "deny" rules logging. Then match time stamp between /var/log/messages and /var/log/security. If you don't have "deny log" rules then start cloning your denys with a logging versions inserted just before the original until you find the problem rule. Multiple xterms running "tail -f", one on each log file, is also extremely helpful. While natd may not be able to determine which rule denied the packet on reinsertion I've often wished natd could at least list the source and destination address and ports with its error message. Have wished, but always in the heat of battle when the problem comes up. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010813154903.B24678>