Date: Wed, 7 Jun 2000 19:45:41 -0500 (CDT)
From: Gabriel <gmains@southwind.net>
To: freebsd-questions@FreeBSD.ORG
Subject: Unusual router setup....
Message-ID: <Pine.BSI.4.21.0006071926240.19403-100000@jasper.southwind.net>
I have set up a server in my house. It has 3 NICs in it. 1 connected to my
DSL modem with a static IP block (dc0), 1 connected to a hub with another
static IP block (dc1), and the last connected to a different hub running
private IP (ep0).
The NICs are as follows:
ifconfig_dc0="inet 209.134.127.237 netmask 255.255.255.252"
ifconfig_dc1="inet 209.134.101.81 netmask 255.255.255.248"
ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
The router box is running ipfw and natd so that the machines behind it can
have access to the outside world. I also have apache running on the router
box. www.damn-cool.net is mapped to dc1, one of the internal NICs.
Here is my problem:
I have set up ipfw as "open" in /etc/rc.conf and yet I still cannot get
my web site to be accessible to anyone outside of my internal network. The
web browser just sits there waiting for a response from the http
server. What am I doing wrong? I would really like to close up some of the
gaping holes in my firewall by setting it to simple or filename and making
my own config file, but I need to get the web server figured out first. I
can't understand why the firewall would be messing with the web server if
the firewall is set to open. Help!
Here is my rc.conf file:
linux_enable="YES"
moused_port="/dev/cuaa1"
moused_type="intellimouse"
moused_enable="YES"
saver="fire"
ifconfig_dc0="inet 209.134.127.237 netmask 255.255.255.252"
hostname="route-1.damn-cool.net"
ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_dc1="inet 209.134.101.81 netmask 255.255.255.248"
network_interfaces="ep0 dc1 dc0 lo0"
defaultrouter="209.134.127.238"
gateway_enable=YES
firewall_enable=YES
firewall_type="open"
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="dc0" # Public interface or IPaddress to use.
natd_flags="-unregistered_only" # Additional flags for natd.
And here is my hosts.allow file:
ALL : PARANOID : RFC931 20 : deny
telnetd : ALL : deny
sshd : ALL : allow
httpd : ALL : allow
ntalkd : ALL : allow
nntpd : ALL : allow
ALL : localhost : allow
sendmail : localhost : allow
sendmail : 206.53.106. : allow
sendmail : 209.134.101.57 : deny
sendmail : 209.134. : allow
portmap : localhost : allow
portmap : ALL : allow
ftpd : localhost : allow
ftpd : ALL : allow
fingerd : ALL \
    : spawn (echo Finger. | \
      /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
    : deny
ALL : ALL \
    : severity auth.info \
    : twist /bin/echo "You are not welcome to use %d from %h."
And this is what is compiled into my kernel:
options IPFIREWALL #natd stuff from man pages
options IPDIVERT #natd stuff from man pages
options IPFIREWALL_DEFAULT_TO_ACCEPT #maybe this will help http to work
Thanks for your time!
Gabriel
===============================================================================
-------------------------------------------------------------------------------
Gabriel SouthWind Internet Access, Inc.
Department Manager 120 S. Market
SouthWind Technical Support 800-525-7963
-------------------------------------------------------------------------------
===============================================================================
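
An added example, not part of the original message: a small Python check over the network lines of the posted rc.conf. It derives each interface's subnet, marks which addresses fall in the RFC 1918 ranges that natd's -unregistered_only flag limits translation to, and confirms the default router sits on the natd interface's subnet. The names parse_rc_conf and audit are made up for this example.

```python
import ipaddress
import shlex

# Network-related rc.conf lines copied from the message above.
RC_CONF = '''
ifconfig_dc0="inet 209.134.127.237 netmask 255.255.255.252"
ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_dc1="inet 209.134.101.81 netmask 255.255.255.248"
defaultrouter="209.134.127.238"
natd_interface="dc0" # Public interface or IPaddress to use.
natd_flags="-unregistered_only" # Additional flags for natd.
'''

# With -unregistered_only, natd alters outgoing packets only when the
# source address is in one of these RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_rc_conf(text):
    """Return {variable: value} for sh-style assignments, dropping comments."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens and "=" in tokens[0]:
            key, value = tokens[0].split("=", 1)
            conf[key] = value
    return conf


def audit(conf):
    """Summarise each interface's subnet and whether it is unregistered space."""
    report = {"interfaces": {}}
    for key, value in conf.items():
        if not key.startswith("ifconfig_"):
            continue
        words = value.split()
        addr = words[words.index("inet") + 1]
        mask = words[words.index("netmask") + 1]
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        report["interfaces"][key[len("ifconfig_"):]] = {
            "network": str(iface.network),
            "unregistered": any(iface.ip in n for n in RFC1918),
        }
    gw = ipaddress.ip_address(conf["defaultrouter"])
    nat_net = report["interfaces"][conf["natd_interface"]]["network"]
    report["gateway_on_natd_interface"] = gw in ipaddress.ip_network(nat_net)
    return report
```

For this configuration only ep0 is in unregistered space, so traffic sourced from the dc1 block leaves dc0 untranslated and depends on the upstream routing that block back to 209.134.127.237.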
