From owner-freebsd-questions  Thu May 20 19:59:25 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from almazs.pacex.net (almazs.pacex.net [204.1.219.156])
	by hub.freebsd.org (Postfix) with ESMTP id 20F1B14D65
	for <freebsd-questions@FreeBSD.ORG>; Thu, 20 May 1999 19:59:23 -0700 (PDT)
	(envelope-from admin@pacex.net)
Received: from almazs.pacex.net (almazs.pacex.net [204.1.219.156])
	by almazs.pacex.net (8.9.2/8.9.2) with SMTP id TAA23860;
	Thu, 20 May 1999 19:59:22 -0700 (PDT)
Date: Thu, 20 May 1999 19:59:22 -0700 (PDT)
From: net admin <admin@pacex.net>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: IPFW rules & DNS issues
In-Reply-To: <Pine.BSF.4.03.9905201610580.10536-100000@resnet.uoregon.edu>
Message-ID: <Pine.BSF.3.96.990520194615.23846A-100000@almazs.pacex.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Thu, 20 May 1999, Doug White wrote:

> On Thu, 20 May 1999, net admin wrote:
> 
> > I am testing my firewall wall system and everything seems to work so far
> > except I am not able to dialin from remote laptop to my server and browse 
> > i.e netscape not able to locate the server check your URL ... and timeout.
> > I can however log to my network from a remote laptop through dialup and
> > authenticate using SSH no problem.
> > I can go out from the servers and all machines connected to them and do
> > everything.
> > I have a dual homed setup for my firewall/gateway machine
> > My ipfw is setup as `open' for the above testing
> > I have real IPs on all servers/workstations ( not using NATD)
> > 
> > Internet----[DSL router]---[ firewall ]-----[  LAN  ]
> > 
> > and ofcourse all machines running FreeBSD firewall is 3.1-R
> 
> Try turning on logging on the firewall and see if it's dropping the
> packets from the dialup link.

Thanks doug you're resourceful!!

No; ipfw is not dropping any packets
but when I temporarly bypass the gateway and connected the router to the
LAN hub I was able to browse  from the remote laptop no problem and I put
the connection back the way it was just as in the ASCIIgram above and I
continued to browse all over the net; it seems to me it is failing to make
the initial DNS lookup somewhere.
I also saw the error:
frank radius[236] dropping duplicate request for id185 from RAS

RAS is my dialup modem bank located in the LAN where the
DNS/RADIUS/HTTP/MAIL services are.


> 
> Doug White                               
> Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message