From owner-freebsd-ipfw@FreeBSD.ORG  Sun Nov  3 15:30:42 2013
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 4CCD61F3
 for <freebsd-ipfw@freebsd.org>; Sun,  3 Nov 2013 15:30:42 +0000 (UTC)
 (envelope-from fabian@wenks.ch)
Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id D0C56239E
 for <freebsd-ipfw@freebsd.org>; Sun,  3 Nov 2013 15:30:41 +0000 (UTC)
X-Virus-Scanned: amavisd-new at home4u.ch
Received: from flashback.wenks.ch (fabian@flashback.wenks.ch
 [IPv6:2001:8a8:1005:1:223:dfff:fedf:13c9]) (authenticated bits=0)
 by batman.home4u.ch (8.14.5/8.14.5) with ESMTP id rA3FUb8b067598
 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
 for <freebsd-ipfw@freebsd.org>; Sun, 3 Nov 2013 16:30:37 +0100 (CET)
 (envelope-from fabian@wenks.ch)
Message-ID: <52766C1D.6020104@wenks.ch>
Date: Sun, 03 Nov 2013 16:30:37 +0100
From: Fabian Wenk <fabian@wenks.ch>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
 rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Subject: Re: NAT/ipfw blocking internal traffic
References: <789665157.296.1383076677766.JavaMail.root@phantombsd.org>
 <1695827686.288.1383250242478.JavaMail.root@phantombsd.org>
In-Reply-To: <1695827686.288.1383250242478.JavaMail.root@phantombsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Nov 2013 15:30:42 -0000

Hello Casey

On 31.10.2013 21:10, Casey Scott wrote:
> The problem I'm encountering is that a portion of my outbound internal
> traffic is being blocked by ipfw. This is a fresh Freebsd installaion, so
> I'm kind of at a loss since the config matches the handbook. Any suggestions
> are appreciated.

Did it block only already open TCP sessions after you did reload 
the firewall rules?

If yes, this is probably expected behavior because it also 
flushed the states.


bye
Fabian