Message-ID: <20020411191603.57249.qmail@web13602.mail.yahoo.com>
Date: Thu, 11 Apr 2002 12:16:03 -0700 (PDT)
From: Brian Eagan
Reply-To: brian@fz-partners.com
Subject: freebsd bridge+ipfw problem
To: freebsd-questions@FreeBSD.ORG

Hello,

I'm attempting to install a FreeBSD bridge/ipfw box in-line between an SDSL line and a small switched Ethernet LAN.

I've come across a very odd problem, it seems: all network traffic seems to go through fine (I have the firewall set to open while setting everything up). For example, I can ssh to one of the FreeBSD boxes on the LAN and then ssh to the LAN-side interface (which has an IP on it) on the bridge box just fine.

The problem comes in when I try out my neato web server from outside the LAN (inside it's OK!). I can, for example, telnet to www:80 and type my GET / HTTP1.1 and watch it come up in my access logs via Apache; however, the web server never returns anything to the telnet window (i.e. the HTML file).

Like I said, if I'm on Box 2 in the LAN and do a lynx or telnet www 80, I get the expected HTML just fine.

In the course of testing I've tried:

- disabling HTTP keep-alives (grasping here)
- re-doing my cabling such that the Ethernet from the SDSL box is directly on my HTTP server, in which case it works fine
- putting options IPSTEALTH in the bridge kernel (wanted to anyway)
- restarting the web server (apache 1.3.newest)

My applicable kernel options on the bridge:

    options IPFIREWALL
    options IPDIVERT
    options DUMMYNET
    options IPFIREWALL_FORWARD  #enable transparent proxy support
    options IPSTEALTH           #support for stealth forwarding
    options BRIDGE

I'm running 4.5-Release.

Am I missing something obvious? I hope so! :)

If you have any suggestions or ideas, please let me know.

Thank you all,
Brian Eagan
brian@kidfu.com