Date: Wed, 7 Jun 2000 19:45:41 -0500 (CDT)
From: Gabriel <gmains@southwind.net>
To: freebsd-questions@FreeBSD.ORG
Subject: Unusual router setup....
Message-ID: <Pine.BSI.4.21.0006071926240.19403-100000@jasper.southwind.net>

I have set up a server in my house. It has 3 NICs in it: 1 connected to my
DSL modem with a static IP block (dc0), 1 connected to a hub with another
static IP block (dc1), and the last connected to a different hub running
private IP (ep0). The NICs are as follows:

ifconfig_dc0="inet 209.134.127.237 netmask 255.255.255.252"
ifconfig_dc1="inet 209.134.101.81 netmask 255.255.255.248"
ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"

The router box is running ipfw and natd so that the machines behind it can
have access to the outside world. I also have apache running on the router
box. www.damn-cool.net is mapped to dc1, one of the internal NICs.

Here is my problem: I have set up ipfw as "open" in /etc/rc.conf and yet I
still cannot get my web site to be accessible to anyone outside of my
internal network. The web browser just sits there waiting for a response
from the http server. What am I doing wrong? I would really like to close up
some of the gaping holes in my firewall by setting it to simple or filename
and making my own config file, but I need to get the web server figured out
first. I can't understand why the firewall would be messing with the web
server if the firewall is set to open. Help!

Here is my rc.conf file:

linux_enable="YES"
moused_port="/dev/cuaa1"
moused_type="intellimouse"
moused_enable="YES"
saver="fire"
ifconfig_dc0="inet 209.134.127.237 netmask 255.255.255.252"
hostname="route-1.damn-cool.net"
ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_dc1="inet 209.134.101.81 netmask 255.255.255.248"
network_interfaces="ep0 dc1 dc0 lo0"
defaultrouter="209.134.127.238"
gateway_enable=YES
firewall_enable=YES
firewall_type="open"
natd_program="/sbin/natd"          # path to natd, if you want a different one.
natd_enable="YES"                  # Enable natd (if firewall_enable == YES).
natd_interface="dc0"               # Public interface or IPaddress to use.
natd_flags="-unregistered_only"    # Additional flags for natd.

And here is my hosts.allow file:

ALL : PARANOID : RFC931 20 : deny
telnetd : ALL : deny
sshd : ALL : allow
httpd : ALL : allow
ntalkd : ALL : allow
nntpd : ALL : allow
ALL : localhost : allow
sendmail : localhost : allow
sendmail : 206.53.106. : allow
sendmail : 209.134.101.57 : deny
sendmail : 209.134. : allow
portmap : localhost : allow
portmap : ALL : allow
ftpd : localhost : allow
ftpd : ALL : allow
fingerd : ALL \
        : spawn (echo Finger. | \
         /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
        : deny
ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %d from %h."

And this is what is compiled into my kernel:

options IPFIREWALL                      #natd stuff from man pages
options IPDIVERT                        #natd stuff from man pages
options IPFIREWALL_DEFAULT_TO_ACCEPT    #maybe this will help http to work

Thanks for your time!

Gabriel

===============================================================================
-------------------------------------------------------------------------------
Gabriel                                      SouthWind Internet Access, Inc.
Department Manager                           120 S. Market
SouthWind Technical Support                  800-525-7963
-------------------------------------------------------------------------------
===============================================================================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message