From: "SILVER, MICHAEL A"
To: "'freebsd-questions@FreeBSD.org'"
Subject: Problem with FreeBSD behind a firewall
Date: Thu, 17 Aug 2000 12:04:52 -0400

I have a situation where my FBSD machine sits behind a hardware firewall and is inaccessible from the outside world. The problem is, it needs to be accessible. The HW firewall is set up to pass all traffic to a specific internet IP to the FBSD firewall, but this appears not to be happening, OR the FBSD machine is not responding properly. I need to find out which is the problem and correct it. (I don't have access to the HW firewall)

FYI: The FBSD machine also acts as a firewall for a small subnet. So there are actually two firewalls (see diagram below). Currently everyone on the internal net can access the internet successfully. I am using ipfw and natd for this. Only incoming traffic is failing.

Internet                               FBSD Firewall
o---(public addresses)----o----(10.0.20)-----o----(172.16.1)-----o
                     HW Firewall                           Internal Net

My question is this, do I need to assign the valid internet address from the HW firewall to the FBSD box so that it can respond to outside requests properly? Currently it is dual homed, but with private addresses. I tried using an IP alias, and this made NATD bomb.

Will logging show if traffic is actually being passed through the hardware firewall to the FBSD machine?

I would include config files, but I don't currently have access to the machine. If this is where the problem may lie, I will get access.

People on the internal net AND on the 10.0.20 net can access the FBSD machine, just not people from the internet.

...Thanks...
...Michael Silver...

P.S. I did find some messages relating to such situations, however the links they provided were either invalid or didn't contain relevant material.