Date:      Thu, 17 Aug 2000 12:04:52 -0400
From:      "SILVER, MICHAEL A" <MSILVER@scana.com>
To:        "'freebsd-questions@FreeBSD.org'" <freebsd-questions@FreeBSD.org>
Subject:   Problem with FreeBSD behind a firewall
Message-ID:  <DBB3921EFE2AD211A81500A0C9B5FE760579457F@msg04.scana.com>

I have a situation where my FBSD machine sits behind a hardware firewall and
is inaccessible from the outside world.  The problem is, it needs to be
accessible.  The HW firewall is set up to pass all traffic to a specific
internet IP to the FBSD firewall, but this appears not to be happening, OR
the FBSD machine is not responding properly.  I need to find out which is
the problem and correct it.  (I don't have access to the HW firewall)

FYI:  The FBSD machine also acts as a firewall for a small subnet.  So there
are actually two firewalls (see diagram below).  Currently everyone on the
internal net can access the internet successfully.  I am using ipfw and natd
for this.  Only incoming traffic is failing. 

   Internet                               FBSD Firewall  
      o---(public addresses)----o----(10.0.20)-----o----(172.16.1)-----o
                          HW Firewall                     Internal Net

My question is this: do I need to assign the valid internet address from the
HW firewall to the FBSD box so that it can respond to outside requests
properly?  Currently it is dual homed, but with private addresses.  I tried
using an IP alias, and this made NATD bomb.  Will logging show if traffic is
actually being passed through the hardware firewall to the FBSD machine?

I would include config files, but I don't currently have access to the
machine.  If this is where the problem may lie, I will get access.  People
on the internal net AND on the 10.0.20 net can access the FBSD machine, just
not people from the internet.

...Thanks...
...Michael Silver...

P.S.  I did find some messages relating to such situations, however the
links they provided were either invalid or didn't contain relevant material.

