From: "Duke Normandin" <01031149@3web.net>
To: "freebsd-questions@FreeBSD.org"
Subject: Re: Problem with FreeBSD behind a firewall
Date: Fri, 18 Aug 2000 23:20:14 -0600

On Friday, August 18, 2000 2:51 PM Crist J . Clark wrote:

>On Fri, Aug 18, 2000 at 10:04:57PM +0300, Giorgos Keramidas wrote:
>> On Thu, Aug 17, 2000 at 10:59:23PM -0700, Crist J . Clark wrote:
>> > On Thu, Aug 17, 2000 at 12:04:52PM -0400, SILVER, MICHAEL A wrote:
>> > > I have a situation where my FBSD machine sits behind a hardware firewall and
>> > > is inaccessible from the outside world. The problem is, it needs to be
>> > > accessible. The HW firewall is set up to pass all traffic to a specific
>> > > internet IP to the FBSD firewall, but this appears not to be happening, OR
>> > > the FBSD machine is not responding properly. I need to find out which is
>> > > the problem and correct it. (I don't have access to the HW firewall)
>> >
>> > Sniff (tcpdump) the external interface of the FreeBSD machine,
>> > 10.0.0.20. Try to connect to it from the Internet. Watch the tcpdump
>> > output and see if the packets are coming in.
>>
>> It is quite probable that I miss some subtle point here, but unless I am
>> a complete fool, this address (10.0.0.20) belongs to the 10.0.0.0/8
>> block of IP's which most routers in Internet should recognize as a
>> 'private network' address block and refuse to route from/to.
>>
>> I think that using a real IP address to the outside interface of the
>> FreeBSD firewall is going to solve a lot of the problems at hand.
>
>Note the original poster's remark, "...my FBSD machine sits behind a
>hardware firewall..." It is implicit in his remarks that that firewall
>machine is doing NAT before traffic from his FreeBSD machine hits the
>Internet.
>
>But you are correct in some sense. If he can get a registered address
>routed to his FreeBSD box, it would be reachable from the
>outside. However, if he can get the "hardware firewall" to do
>redirects, he could do it that way without changing the 10-net
>address.
>--
>Crist J. Clark cjclark@alum.mit.com

So this thread won't be wasted on me, I need to know what a "hardware
firewall" is, please. I can take a wild-ass guess ;^), but I've *never won
any lotteries either. As well, the term "dual-homed" was used early in the
thread -- would you briefly explain that term as well, please. Tia....

-duke
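
The tcpdump check suggested in the quoted thread, as an added example that is not part of the original messages: a shell function that reads saved `tcpdump -n` text and says whether connection attempts reach 10.0.0.20 and whether the host answers. It assumes the output format of current tcpdump releases; the function name, the sample lines and the 203.0.113.7 client address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. While someone tries to connect from
# outside, save the text printed by
#     tcpdump -n tcp and host 10.0.0.20
# on the FreeBSD box's external interface, then run:
#     diagnose 10.0.0.20 < capture.txt

# diagnose HOST: read tcpdump -n lines on stdin, print a one-line verdict.
diagnose() {
    awk -v host="$1" '
    $2 == "IP" && $6 == "Flags" {
        src = $3; dst = $5
        sub(/:$/, "", dst)             # "10.0.0.20.80:" -> "10.0.0.20.80"
        sub(/\.[0-9]+$/, "", src)      # strip the trailing .port
        sub(/\.[0-9]+$/, "", dst)
        flags = $7                     # e.g. "[S]," or "[S.],"
        if (dst == host && flags ~ /^\[S\]/)   syn_in++      # new connection attempt
        if (src == host && flags ~ /^\[S\.\]/) synack_out++  # host accepted it
        if (src == host && flags ~ /^\[R/)     rst_out++     # host refused it
    }
    END {
        if (!syn_in)         print "not-forwarded: no inbound SYN reached " host
        else if (synack_out) print "answered: host sent SYN-ACK, check the return path"
        else if (rst_out)    print "refused: host sent RST, nothing listening or filtered locally"
        else                 print "silent: SYNs arrive but host never replies"
    }'
}

# Constructed sample: the firewall forwards, the host stays quiet.
sample_silent() {
    cat <<'EOF'
12:00:01.000000 IP 203.0.113.7.40000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
12:00:04.000000 IP 203.0.113.7.40000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
EOF
}

# Constructed sample: the firewall forwards and the host accepts.
sample_answered() {
    cat <<'EOF'
12:00:01.000000 IP 203.0.113.7.40000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
12:00:01.000100 IP 10.0.0.20.80 > 203.0.113.7.40000: Flags [S.], seq 9, ack 2, win 65535, length 0
EOF
}
```

A "not-forwarded" verdict points at the hardware firewall; "silent" or "refused" points at the FreeBSD machine's own filtering, routing or listening services.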