Date: Mon, 2 Oct 2000 17:18:20 -0700
From: Brent Kearney <brent@kearneys.ca>
To: Steve Jorgensen <steve@khoral.com>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.org>
Subject: Re: ipfw & natd config problems
Message-ID: <20001002171820.B6866@kearneys.ca>
In-Reply-To: <200010021919.NAA09032@khoral.com>; from steve@khoral.com on Mon, Oct 02, 2000 at 01:19:01PM -0600
References: <200010021919.NAA09032@khoral.com>

On Mon, Oct 02, 2000 at 01:19:01PM -0600, Steve Jorgensen wrote:
>
> I'm trying to set up a FreeBSD-4.1.1 box as a
> firewall for my network.  We're using ipfw and natd.
> I've got things pretty much working, but I'm having
> two problems..
>
> #1: I get lots of messages like:
>
> natd[163]: failed to write packet back (Permission denied)
>
> I can't figure out why this is happening.
>
> #2: Externally, I can get to our webserver using the
> public address (www.khoral.com).  However, internally,
> I get connection denied whenever I use www.khoral.com,
> but the internal hostname works fine.  Natd is redirecting
> port 80 on the external interface to the internal web
> server.  Is there any way to configure this so that the
> external names for ftp and www work for internal machines?
>
> Thanks for any help.

It sounds like ipfw is blocking access from 192.168. (or some other
internal net) addresses on one interface.  Look in your rc.firewall
for a rule like:

    $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
    $fwcmd add deny log all from any to 192.168.0.0:255.255.0.0 via ${oif}

Aside from playing around with this type of fw rule, try starting
natd in debug mode to get a closer look at what is going on.

Good luck!

-Brent

---------------------------------------------------------------
Brent Kearney                                  brent@kearneys.ca

"...thus the metric system did not really catch on in the States,
unless you count the increasing popularity of the nine-millimeter
bullet." --Dave Barry
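
An added example, not part of the original message: a simplified first-match walk over an ipfw-style ruleset, showing how a deny rule of the kind quoted in the reply can catch a packet that natd has rewritten to an internal address and written back. The rule numbers, the interface name ed0, the divert rule and all packet addresses are constructed for illustration, and only allow/deny rules with from/to/via are modelled.

```python
import ipaddress

# Constructed ruleset in the style of the rules quoted in the reply. Rule numbers,
# the interface name ed0 and the divert rule are assumptions for illustration.
RULES = """\
00100 allow all from any to any via lo0
00200 divert 8668 all from any to any via ed0
00300 deny all from 192.168.0.0:255.255.0.0 to any via ed0
00400 deny log all from any to 192.168.0.0:255.255.0.0 via ed0
65000 allow all from any to any
"""

def parse_addr(tok):
    """'any' -> None; 'a.b.c.d', 'net/len' or 'net:mask' -> ip_network."""
    if tok == "any":
        return None
    return ipaddress.ip_network(tok.replace(":", "/"), strict=False)

def parse_rule(line):
    w = line.split()
    via = w[w.index("via") + 1] if "via" in w else None
    return {"num": int(w[0]), "action": w[1], "via": via,
            "src": parse_addr(w[w.index("from") + 1]),
            "dst": parse_addr(w[w.index("to") + 1])}

def parse_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]

def first_match(rules, src, dst, iface, resume_after=0):
    """First allow/deny rule matching the packet. Diversion itself is not
    modelled: a packet natd writes back is evaluated with resume_after set
    to the divert rule's number, so matching restarts at the next rule."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["num"] <= resume_after or r["action"] not in ("allow", "deny"):
            continue
        if r["via"] not in (None, iface):
            continue
        if r["src"] is not None and src not in r["src"]:
            continue
        if r["dst"] is not None and dst not in r["dst"]:
            continue
        return r
    return None

if __name__ == "__main__":
    # Constructed packet: inbound web request whose destination natd has
    # already rewritten to an internal server, written back after rule 200.
    hit = first_match(parse_rules(RULES), "203.0.113.9", "192.168.1.20", "ed0", resume_after=200)
    print("rule %05d %s" % (hit["num"], hit["action"]))
```

Running the same walk over the output of `ipfw list` for the addresses natd is translating shows which numbered rule to move or narrow.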