From: David Kelly
Date: Sat, 25 Aug 2007 16:45:17 -0500
To: Narek Gharibyan
Cc: FreeBSD Questions
Subject: Re: IPFW and HTTPS problem

On Aug 25, 2007, at 4:15 PM, Narek Gharibyan wrote:

> I enabled https for my webmail. It works for LAN client but doesn't work for
> Internet clients. I checked with tcpdump ipfw filters the incoming https
> packets unless the rule

tcpdump is the hard way.

# ipfw zero

try the webmail.

# ipfw -a list

Examine the above list for rules which have been hit since zero. Your answer lies among the rules which have been hit. You might add "ipfw add 65000 deny log ip from any to any" and see what shows in /var/log/security for more details.

If you see hits on a rule but don't understand why, add "log" to it. Probably best to duplicate that rule with a lower number so the "log" version is used first. And easy to remove the logging version later without touching the original.

--
David Kelly N4HHE, dkelly@HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.
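
The counter check described in the reply above, as an added shell example that is not part of the original message: it filters `ipfw -a list` output down to the rules hit since `ipfw zero`, picks out the blocking ones, and prints (without running) a lower-numbered "log" duplicate for each. The function names and the sample ruleset are constructed for illustration; it assumes each output line is rule number, packet count, byte count, then the rule text with the action first.

```shell
#!/bin/sh
# Added example: triage `ipfw -a list` output after `ipfw zero` and one test.

# Constructed sample of `ipfw -a list` output (not from the original post).
sample_ipfw_list() {
cat <<'EOF'
00100   24   1920 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300  412  51234 allow tcp from any to me dst-port 80 in
00400   37   4440 allow tcp from 192.168.0.0/24 to me dst-port 443 in
00450    9    540 deny tcp from any to me dst-port 443 in via em0
65535    3    180 deny ip from any to any
EOF
}

# Print every rule whose packet counter is non-zero (hit since the zero).
hit_rules() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $2 > 0'
}

# Of the hit rules, keep those whose action drops or refuses traffic.
hit_blockers() {
    hit_rules | awk '$4 ~ /^(deny|drop|reject|reset|unreach)$/'
}

# For each hit blocking rule that does not log yet, print an `ipfw add`
# command for a copy numbered one lower with "log" after the action,
# so the logging copy is matched first and the original stays untouched.
log_dup_cmds() {
    hit_blockers | awk '{
        act = $4; n = 5
        if ($4 == "unreach") { act = $4 " " $5; n = 6 }  # action takes a code
        if ($n == "log" || $1 + 0 < 2) next              # already logging
        printf "ipfw add %d %s log", $1 - 1, act
        for (i = n; i <= NF; i++) printf " %s", $i
        printf "\n"
    }'
}

# Stand-alone run on the constructed sample; on a live host use:
#   ipfw -a list | log_dup_cmds
sample_ipfw_list | log_dup_cmds
```

The printed commands are meant to be reviewed before being entered; the logging copies can be removed later with `ipfw delete` and their rule numbers.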