Message-ID: <43F097BC.80308@gmail.com>
Date: Mon, 13 Feb 2006 09:29:16 -0500
From: Brian Bobowski
To: Norberto Meijome
Cc: FreeBSD User Questions List
Subject: Re: Firewall/Web server difficulties
References: <43F0935B.4020901@gmail.com> <43F095E6.2070901@meijome.net>
In-Reply-To: <43F095E6.2070901@meijome.net>

Norberto Meijome wrote:

>Brian Bobowski wrote:
>
>>All right. I've got my firewall up and running, and my workstation can
>>get almost anywhere it needs to just fine.
>>
>
>You don't say if you are using ipfw, ipf, pf...
>

Sure I do. IPFW; mentioned lower down.

>>I can access it by directly referencing the private-interface IP, but if
>>my workstation tries to get to the public-interface IP, nothing happens.
>>Can't even ping it. ICMP and port 80 TCP should both be allowed from
>>anywhere... but they're not getting through.
>>
>(Assuming all your rules are ok...) AFAIK, you can't access the external
>interface of a NAT'ed system from the LAN side. Simply use a DNS inside
>that resolves the name you try to access to the internal interface
>instead of the external. This is a FAQ, I think...
>

I'm poking at that now, yes. I had difficulty getting it to work with virtual hosts... but I can at least reference it by the private-side IP address and get places.

>>(So far as I can tell, it's
>>not just me who's unable to access these.)
>>
>Meaning others in your LAN? Or others in the WAN?
>

WAN. People have tried pinging and browsing, with no success.

>>Does NAT simply not allow for servers to be running on the machine that
>>performs it? I know it's not ideal, but I don't have the room to install
>>another machine even if that were in my budget. I've set up NAT and IPFW
>>per the directions in the handbook, and aside from that one difficulty,
>>everything seems to be working.
>>
>>Please reply off the list.
>>
>CCing the list for the benefit of everyone else :)
>
>Beto
>

Hope the clarifications help,
-BB