From: "Adrian Penisoara"
Sender: ady@ady.ro
Date: Tue, 25 Sep 2007 23:12:48 +0300
To: "afsin cakir"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw + natd + stateful
Message-ID: <78cb3d3f0709251312i546b26dfie9201d855fbd9b81@mail.gmail.com>

Hi,

On 9/25/07, afsin cakir wrote:
> I'm using 6.2 Release with a working caching-only DNS server. I'm testing
> ipfw for learning. These are my ipfw rules. I have a problem with this config.
> I can browse the internet but I can't log in to hotmail. The page is not
> displaying.

You should get hold of tcpdump and try getting a dump analysis on your public interface to see what kind of (weird) packets you are seeing from hotmail.com.
Also, since you have "log" statements on your deny rules, make sure that the "net.inet.ip.fw.verbose" sysctl is set to 1 and check the syslogs for possibly problematic dropped packets.

Regards,
Adrian Penisoara.
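
The syslog check suggested above, as an added example that is not part of the original message: a shell function that tallies ipfw "Deny" log entries by rule, protocol, direction and interface, and flags rules whose logging has stopped at the log limit. The function names, the sample lines (constructed, using documentation addresses) and the `/var/log/security` path (FreeBSD's default syslog.conf destination) are assumptions.

```sh
#!/bin/sh
# Usage on the firewall (paths assume FreeBSD's default syslog.conf):
#   sysctl net.inet.ip.fw.verbose          # value must be 1 for "log" rules to log
#   ipfw_deny_summary < /var/log/security

# Constructed sample lines in ipfw's syslog format; not taken from the thread.
sample_log() {
cat <<'EOF'
Sep 25 20:01:11 gw kernel: ipfw: 500 Deny TCP 192.0.2.10:443 198.51.100.7:51522 in via fxp0
Sep 25 20:01:14 gw kernel: ipfw: 500 Deny TCP 192.0.2.10:443 198.51.100.7:51522 in via fxp0
Sep 25 20:01:15 gw kernel: ipfw: 65000 Deny UDP 198.51.100.7:123 192.0.2.55:123 out via fxp0
Sep 25 20:01:16 gw kernel: ipfw: limit 100 reached on entry 65000
Sep 25 20:01:20 gw kernel: ipfw: 400 Accept TCP 198.51.100.7:51530 192.0.2.10:80 out via fxp0
Sep 25 20:01:30 gw kernel: ipfw: 500 Deny ICMP:8.0 192.0.2.1 198.51.100.7 in via fxp0
EOF
}

# Read syslog lines on stdin; print "count rule proto dir if", busiest first.
ipfw_deny_summary() {
    awk '
    {
        # The syslog prefix varies, so locate the "ipfw:" tag first.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF) next
        # "ipfw: limit N reached on entry R": rule R has stopped logging.
        if ($(i+1) == "limit") { capped[$(i+6)] = 1; next }
        if ($(i+2) != "Deny") next
        proto = $(i+3); sub(/:.*/, "", proto)    # "ICMP:8.0" -> "ICMP"
        count[$(i+1) " " proto " " $(i+6) " " $(i+8)]++
    }
    END {
        for (k in count) {
            split(k, f, " ")
            note = (f[1] in capped) ? " (log limit reached)" : ""
            printf "%d rule=%s proto=%s dir=%s if=%s%s\n", count[k], f[1], f[2], f[3], f[4], note
        }
    }' | sort -rn
}

sample_log | ipfw_deny_summary
```

A rule marked "(log limit reached)" may still be dropping packets that no longer appear in the log, so its count is a lower bound.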