Date: Fri, 18 Aug 2000 02:22:18 -0400
From: "Andrew C. Greenberg" <werdna@mucow.com>
To: "SILVER, MICHAEL A" <MSILVER@scana.com>
Cc: "'freebsd-questions@FreeBSD.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Problem with FreeBSD behind a firewall
Message-ID: <p04310124b5c2848e0694@[10.0.1.4]>
In-Reply-To: <DBB3921EFE2AD211A81500A0C9B5FE760579457F@msg04.scana.com>
References: <DBB3921EFE2AD211A81500A0C9B5FE760579457F@msg04.scana.com>

>FYI: The FBSD machine also acts as a firewall for a small subnet. So there
>are actually two firewalls (see diagram below). Currently everyone on the
>internal net can access the internet successfully. I am using ipfw and natd
>for this. Only incoming traffic is failing.
>
> Internet                               FBSD Firewall
> o---(public addresses)----o----(10.0.20)-----o----(172.16.1)-----o
>                      HW Firewall                           Internal Net

It is difficult even to guess where the problem lies without more
information, in particular the firewall rules, at least, of the FBSD
Firewall.

However, "stock" firewall rulesets typically have rules to drop all
packets from unregisterable network addresses, such as those from
10.0.20.0/24. If you are going to use the 10.0.20.0/24 network between
the two walls, the FBSD firewall should not have such a rule.

In short, this may not be a case of an "FBSD machine not responding
properly," but rather a case of it doing PRECISELY what it was supposed
to do: drop all packets from the red side that originate from an
unregisterable network.

But the devil is always in the details -- without actually looking at
the rulesets or logs of one or both machines, the best you can do is
sniff packets on all sides and try to guess from there where the
traffic is being dropped.

--
Andrew C. Greenberg         acg@netwolves.com
V.P. Eng., R&D,             813.885.2779 (office)
NetWolves Corporation       813.885.2380 (facsimile)
www.netwolves.com

Please use werdna@mucow.com instead of werdna@gate.net
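
The check the reply points to, as an added example that is not part of the original message: scan a ruleset listing for drop rules whose source range covers the network between the two firewalls. The sample rules are constructed in the style of `ipfw list` output; the rule numbers and the interface name `ed0` are assumptions.

```python
import ipaddress

# Constructed sample in the style of `ipfw list` output. Rule numbers and the
# outside interface name (ed0) are assumptions, not taken from the thread.
SAMPLE_RULES = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 10.0.0.0/8 to any via ed0
00400 deny ip from 172.16.0.0/12 to any via ed0
00500 deny ip from 192.168.0.0/16 to any via ed0
00600 divert 8668 ip from any to any via ed0
00700 allow tcp from any to any established
65535 deny ip from any to any
"""

DROP_ACTIONS = {"deny", "drop", "reject"}


def source_network(spec):
    """Return the network named by a source spec, or None if it is not a plain address."""
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None  # "any", "me", "not", and other non-address keywords


def blocking_rules(ruleset, transit):
    """Return (rule number, source, rule text) for drop rules whose source covers transit."""
    transit_net = ipaddress.ip_network(transit)
    hits = []
    for line in ruleset.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[1] not in DROP_ACTIONS or "from" not in tokens:
            continue
        idx = tokens.index("from") + 1
        src = source_network(tokens[idx]) if idx < len(tokens) else None
        # Only source-specific filters count; the catch-all "from any" is skipped.
        if src is not None and src.version == transit_net.version \
                and transit_net.subnet_of(src):
            hits.append((tokens[0], str(src), line.strip()))
    return hits


if __name__ == "__main__":
    # 10.0.20.0/24 is the network between the two firewalls in the diagram.
    for number, src, text in blocking_rules(SAMPLE_RULES, "10.0.20.0/24"):
        print(f"rule {number} drops sources in {src}: {text}")
```

A rule reported here is only a candidate: whether it actually drops the traffic depends on the interface it is bound to and on the rules evaluated before it.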