From: Gabriel
Date: Wed, 7 Jun 2000 19:45:41 -0500 (CDT)
To: freebsd-questions@FreeBSD.ORG
Subject: Unusual router setup....

I have set up a server in my house. It has 3 NICs in it. 1 connected to my DSL modem with a static IP block (dc0), 1 connected to a hub with another static IP block (dc1), and the last connected to a different hub running private IP (ep0). The NICs are as follows:

    ifconfig_dc0="inet 209.134.127.237 netmask 255.255.255.252"
    ifconfig_dc1="inet 209.134.101.81 netmask 255.255.255.248"
    ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"

The router box is running ipfw and natd so that the machines behind it can have access to the outside world. I also have apache running on the router box. www.damn-cool.net is mapped to dc1, one of the internal NICs.

Here is my problem: I have set up ipfw as "open" in /etc/rc.conf and yet I still cannot get my web site to be accessible to anyone outside of my internal network. The web browser just sits there waiting for a response from the http server. What am I doing wrong? I would really like to close up some of the gaping holes in my firewall by setting it to simple or filename and making my own config file, but I need to get the web server figured out first. I can't understand why the firewall would be messing with the web server if the firewall is set to open. Help!

Here is my rc.conf file:

    linux_enable="YES"
    moused_port="/dev/cuaa1"
    moused_type="intellimouse"
    moused_enable="YES"
    saver="fire"
    ifconfig_dc0="inet 209.134.127.237 netmask 255.255.255.252"
    hostname="route-1.damn-cool.net"
    ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
    ifconfig_dc1="inet 209.134.101.81 netmask 255.255.255.248"
    network_interfaces="ep0 dc1 dc0 lo0"
    defaultrouter="209.134.127.238"
    gateway_enable=YES
    firewall_enable=YES
    firewall_type="open"
    natd_program="/sbin/natd"           # path to natd, if you want a different one.
    natd_enable="YES"                   # Enable natd (if firewall_enable == YES).
    natd_interface="dc0"                # Public interface or IPaddress to use.
    natd_flags="-unregistered_only"     # Additional flags for natd.

And here is my hosts.allow file:

    ALL : PARANOID : RFC931 20 : deny
    telnetd : ALL : deny
    sshd : ALL : allow
    httpd : ALL : allow
    ntalkd : ALL : allow
    nntpd : ALL : allow
    ALL : localhost : allow
    sendmail : localhost : allow
    sendmail : 206.53.106. : allow
    sendmail : 209.134.101.57 : deny
    sendmail : 209.134. : allow
    portmap : localhost : allow
    portmap : ALL : allow
    ftpd : localhost : allow
    ftpd : ALL : allow
    fingerd : ALL \
        : spawn (echo Finger. | \
          /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
        : deny
    ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %d from %h."

And this is what is compiled into my kernel:

    options IPFIREWALL                      #natd stuff from man pages
    options IPDIVERT                        #natd stuff from man pages
    options IPFIREWALL_DEFAULT_TO_ACCEPT    #maybe this will help http to work

Thanks for your time!

Gabriel

-------------------------------------------------------------------------------
Gabriel                        SouthWind Internet Access, Inc.
Department Manager             120 S. Market
SouthWind Technical Support    800-525-7963
-------------------------------------------------------------------------------