Date:      Fri, 18 Aug 2000 13:49:42 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc:        "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Problem with FreeBSD behind a firewall
Message-ID:  <20000818134942.A98558@149.211.6.64.reflexcom.com>
In-Reply-To: <20000818220457.B358@hades.hell.gr>; from keramida@ceid.upatras.gr on Fri, Aug 18, 2000 at 10:04:57PM +0300
References:  <DBB3921EFE2AD211A81500A0C9B5FE760579457F@msg04.scana.com> <20000817225922.G28027@149.211.6.64.reflexcom.com> <20000818220457.B358@hades.hell.gr>

On Fri, Aug 18, 2000 at 10:04:57PM +0300, Giorgos Keramidas wrote:
> On Thu, Aug 17, 2000 at 10:59:23PM -0700, Crist J . Clark wrote:
> > On Thu, Aug 17, 2000 at 12:04:52PM -0400, SILVER, MICHAEL A wrote:
> > > I have a situation where my FBSD machine sits behind a hardware firewall and
> > > is inaccessible from the outside world.  The problem is, it needs to be
> > > accessible.  The HW firewall is setup to pass all traffic to a specific
> > > internet IP to the FBSD firewall, but this appears not to be happening, OR
> > > the FBSD machine is not responding properly.  I need to find out which is
> > > the problem and correct it.  (I don't have access to the HW firewall)
> > 
> > Sniff (tcpdump) the external interface of the FreeBSD machine,
> > 10.0.0.20. Try to connect to it from the Internet. Watch the tcpdump
> > output and see if the packets are coming in. 
> 
> It is quite probable that I miss some subtle point here, but unless I am
> a complete fool, this address (10.0.0.20) belongs to the 10.0.0.0/8
> block of IP's which most routers in Internet should recognize as a
> 'private network' address block and refuse to route from/to.
> 
> I think that using a real IP address to the outside interface of the
> FreeBSD firewall is going to solve a lot of the problems at hand.

Note the original poster's remark, "...my FBSD machine sits behind a
hardware firewall..." It is implicit in his remarks that that firewall
machine is doing NAT before traffic from his FreeBSD machine hits the
Internet.

But you are correct in some sense. If he can get a registered address
routed to his FreeBSD box, it would be reachable from the
outside. However, if he can get the "hardware firewall" to do
redirects, he could do it that way without changing the 10-net
address.
-- 
Crist J. Clark                           cjclark@alum.mit.com

