From owner-freebsd-questions Thu May 20 19:59:25 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from almazs.pacex.net (almazs.pacex.net [204.1.219.156])
	by hub.freebsd.org (Postfix) with ESMTP id 20F1B14D65
	for ; Thu, 20 May 1999 19:59:23 -0700 (PDT)
	(envelope-from admin@pacex.net)
Received: from almazs.pacex.net (almazs.pacex.net [204.1.219.156])
	by almazs.pacex.net (8.9.2/8.9.2) with SMTP id TAA23860;
	Thu, 20 May 1999 19:59:22 -0700 (PDT)
Date: Thu, 20 May 1999 19:59:22 -0700 (PDT)
From: net admin
To: Doug White
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: IPFW rules & DNS issues
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 20 May 1999, Doug White wrote:

> On Thu, 20 May 1999, net admin wrote:
>
> > I am testing my firewall wall system and everything seems to work so far
> > except I am not able to dial in from remote laptop to my server and browse
> > i.e. Netscape not able to locate the server check your URL ... and timeout.
> > I can however log to my network from a remote laptop through dialup and
> > authenticate using SSH no problem.
> > I can go out from the servers and all machines connected to them and do
> > everything.
> > I have a dual homed setup for my firewall/gateway machine
> > My ipfw is set up as `open' for the above testing
> > I have real IPs on all servers/workstations ( not using NATD)
> >
> > Internet----[DSL router]---[ firewall ]-----[ LAN ]
> >
> > and of course all machines running FreeBSD firewall is 3.1-R
>
> Try turning on logging on the firewall and see if it's dropping the
> packets from the dialup link.

Thanks Doug, you're resourceful!!

No; ipfw is not dropping any packets, but when I temporarily bypassed the
gateway and connected the router to the LAN hub I was able to browse from
the remote laptop no problem, and I put the connection back the way it was
just as in the ASCIIgram above and I continued to browse all over the net;
it seems to me it is failing to make the initial DNS lookup somewhere.

I also saw the error:

    frank radius[236] dropping duplicate request for id185 from RAS

RAS is my dialup modem bank located in the LAN where the
DNS/RADIUS/HTTP/MAIL services are.

>
> Doug White
> Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message