From owner-freebsd-stable Fri Feb 19 6:51:57 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from horse.supranet.net (horse.supranet.net [205.164.160.8])
    by hub.freebsd.org (Postfix) with ESMTP id 533A6114BD
    for ; Fri, 19 Feb 1999 06:51:53 -0800 (PST)
    (envelope-from gavinb@supranet.net)
Received: from rat (rat.supranet.net [205.164.160.15])
    by horse.supranet.net (8.9.1/8.9.1) with SMTP id IAA04819;
    Fri, 19 Feb 1999 08:51:45 -0600 (CST)
Message-Id: <4.1.19990219084638.03665870@mail.supranet.net>
X-Sender: gavinb@mail.supranet.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Fri, 19 Feb 1999 08:53:26 -0600
To: Francois LAISSUS
From: Benjamin Gavin
Subject: Re:Problems with ipfw/nat
Cc: freebsd-stable@freebsd.org
In-Reply-To: <19990219102254.B28285@laissus.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all,

After much messing around, I am still unable to get this stuff to work. I just wanted to clear up one thing before I continue.

In /etc/rc.conf you can specify a filename where your local firewall rules are located. (i.e. firewall_type="/etc/rc.firewall.local"). If you do it this way, ipfw will be called like "ipfw /etc/rc.firewall.local". This will run through the file and perform whatever commands you have listed there. I do it this way so as I don't have to directly modify /etc/rc.firewall. I believe this is a perfectly standard way to do it. Please correct me if I am wrong.

Anyway, onto my real problem. I have been able to set up the firewall to allow access to internal POP3, and SMTP servers, but am still unable to get an answer from internal HTTP servers. Just going in and changing the relevant rules (i.e. changing port 25 to port 80) just doesn't work. Is there something intrinsically different about the HTTP protocol that does not allow it to function correctly from the inside of a firewall?? Is it trying to reply on a different port or something? I mean that I can't even telnet through on port 80 and get a prompt. It just hangs there. However, like I said I can get through to SMTP and POP3 servers fine, _USING THE SAME MACHINE AND FIREWALL_!!! Needless to say, I am mucho confused... Please does anyone out there have any ideas at all???

Thanks,
Ben

At 10:22 AM 2/19/99 +0100, Francois LAISSUS wrote:
>Hi,
>I'm trying to understand your question from your configuration :
>
>>_rc.conf.site_:
>>gateway_enable="YES"
>>firewall_enable="YES"
>>firewall_type="/etc/rc.firewall.local" # Contains my local firewall rules
>                ^^^^^^^^^^^^^^^^^^^^^^
>It seems to me that here you should write the *name* of type
>of rules found in /etc/rc.firewall, not the file name.
>It runs fine for me under 2.2.xx
>
>Hope that helps
>
>F.Laissus
>
>--
>____ Francois Laissus _________________________
>____ Cabinet d'Etudes Informatiques - Paris - France ____________________
>____ Tel 33 (0)1.43.31.54.75 - Fax 33 (0)1.43.31.54.85 _______________

/--------------------------------------------------------------------------/
Benjamin Gavin - Senior Consultant
*********** NO SPAM!! ************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message