From: Norberto Meijome
Date: Tue, 14 Feb 2006 01:33:53 +1100
To: Brian Bobowski
Cc: FreeBSD User Questions List
Subject: Re: Firewall/Web server difficulties

Brian Bobowski wrote:
> Norberto Meijome wrote:
>
>> Brian Bobowski wrote:
>>
>>> All right. I've got my firewall up and running, and my workstation can
>>> get almost anywhere it needs to just fine.
>>
>> you don't say if you are using ipfw, ipf, pf....
>>
> Sure I do. IPFW; mentioned lower down.

sorry my bad

>>> I can access it by directly referencing the private-interface IP, but if
>>> my workstation tries to get to the public-interface IP, nothing happens.
>>> Can't even ping it. ICMP and port 80 TCP should both be allowed from
>>> anywhere... but they're not getting through.
>>>
>> (Assuming all your rules are ok...) AFAIK, you can't access the external
>> interface of a NAT'ed system from the LAN side. Simply use a DNS inside
>> that resolves the name you try to access to the internal interface
>> instead of the external. this is FAQ, I think...
>>
> I'm poking at that now, yes. I had difficulty getting it to work with
> virtual hosts... but I can at least reference it by the private-side IP
> address and get places.

assuming you are using Apache, you can use * for IP address and let it be
name-based virt host.

>>> (So far as I can tell, it's
>>> not just me who's unable to access these.)
>>>
>> meaning others in your LAN? or others in the WAN?
>>
> WAN. People have tried pinging and browsing, with no success.

then I would review the rules...

good luck
B
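
Added example, not part of the original message: a wildcard name-based virtual host setup of the kind the reply suggests, in Apache 2.0/2.2 syntax. The hostnames and document roots are placeholders, not values from the thread.

```apache
# Placeholder hostnames and paths; adjust to the real site.
# Apache 2.0/2.2 syntax (Apache 2.4 no longer needs NameVirtualHost).

# Accept connections on every interface, private and public alike.
Listen 80

# Pick the virtual host from the request's Host header instead of
# from the address the connection arrived on.
NameVirtualHost *:80

# The first vhost listed is the default: it also answers requests whose
# Host header matches no ServerName below, such as a request made to a
# bare IP address.
<VirtualHost *:80>
    ServerName www.example.org
    ServerAlias example.org
    DocumentRoot /usr/local/www/example.org
</VirtualHost>

<VirtualHost *:80>
    ServerName intranet.example.org
    DocumentRoot /usr/local/www/intranet
</VirtualHost>
```

Because the vhosts bind to `*` rather than to one address, the same site is served whether a LAN client reaches the private-side IP or an outside client reaches the public one; LAN clients still need the names to resolve to the private-side address, as the reply suggests with an internal DNS.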