From owner-freebsd-questions Fri Aug 18 12:38: 0 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail.hellasnet.gr (mail.hellasnet.gr [212.54.192.3]) by hub.freebsd.org (Postfix) with ESMTP id 3697037B423 for ; Fri, 18 Aug 2000 12:37:57 -0700 (PDT) Received: from hades.hell.gr (ppp3.patr.hellasnet.gr [212.54.197.18]) by mail.hellasnet.gr (8.9.1/8.9.1) with ESMTP id WAA03049; Fri, 18 Aug 2000 22:38:30 +0200 (GMT) Received: (from charon@localhost) by hades.hell.gr (8.10.2/8.10.2) id e7IJ4vH00800; Fri, 18 Aug 2000 22:04:57 +0300 (EEST) Date: Fri, 18 Aug 2000 22:04:57 +0300 From: Giorgos Keramidas To: cjclark@alum.mit.edu Cc: "SILVER, MICHAEL A" , "freebsd-questions@FreeBSD.org" Subject: Re: Problem with FreeBSD behind a firewall Message-ID: <20000818220457.B358@hades.hell.gr> References: <20000817225922.G28027@149.211.6.64.reflexcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <20000817225922.G28027@149.211.6.64.reflexcom.com>; from cjclark@reflexnet.net on Thu, Aug 17, 2000 at 10:59:23PM -0700 X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2 X-URL: http://students.ceid.upatras.gr/~keramida/index.html Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Aug 17, 2000 at 10:59:23PM -0700, Crist J . Clark wrote: > On Thu, Aug 17, 2000 at 12:04:52PM -0400, SILVER, MICHAEL A wrote: > > I have a situation where my FBSD machine sits behind a hardware firewall and > > is inaccessible from the outside world. The problem is, it needs to be > > accessible. The HW firewall is setup to pass all traffic to a specific > > internet IP to the FBSD firewall, but this appears not to be happening, OR > > the FBSD machine is not responding properly. I need to find out which is > > the problem and correct it. (I don't have access to the HW firewall) > > Sniff (tcpdump) the external interface of the FreeBSD machine, > 10.0.0.20. Try to connect to it from the Internet. Watch the tcpdump > output and see if the packets are coming in. It is quite probable that I miss some subtle point here, but unless I am a complete fool, this address (10.0.0.20) belongs to the 10.0.0.0/8 block of IP's which most routers in Internet should recognize as a 'private network' address block and refuse to route from/to. I think that using a real IP address to the outside interface of the FreeBSD firewall is going to solve a lot of the problems at hand. -- Giorgos Keramidas, For my public pgp2 key: finger -l keramida@diogenis.ceid.upatras.gr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message