From: Erik Norgaard <norgaard@locolomo.org>
Date: Mon, 19 Sep 2005 17:49:49 +0200
To: jonas
Cc: freebsd-questions@freebsd.org
Subject: Re: problem with IPF rules - port 80 not accessible
Message-ID: <432EDE1D.2050107@locolomo.org>
In-Reply-To: <20050919172642.45408cf9@localhost>

jonas wrote:

> the httpd is not accessible from the internet and i don't understand
> why, i probably made some stupid mistake in the firewall rules... this
> is the first time i'm setting up a firewall from scratch.

Do you at all have access?

> (any errors in it? outbound internet access works fine)

I shall try to dissect your ruleset:

> @1 pass in log quick on ng0 proto tcp from any to 128.176.0.0/16 port = 80
> @2 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 443
> @3 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 22
> @4 pass in log quick on ng0 proto udp from any to 192.168.0.1/32 port = 22

Do you see anything strange in the first rule compared to the following
three? You said ssh worked, right?

> where rl0 is the LAN interface, rl1 is connected to a DSL-modem, ng0 is
> the tunnel interface mpd creates, 192.168.0.1 is the IP of my
> freebsd gateway and 172.16.0.1 is the IP of the PPTP-server (a cisco
> device i think).

You should make an ASCII sketch, it's far easier to understand which
interface is connected to what and where traffic goes.

Cheers, Erik

-- 
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
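Added example, not part of the original thread: a small Python simulator of IPFilter's rule evaluation (a `quick` rule stops evaluation at the first match; without `quick` the last matching rule decides) run over the four rules jonas quoted. It only models the subset of ipf syntax those rules use (`pass`/`block`, `in`/`out`, optional `log` and `quick`, `on <iface>`, `proto tcp|udp`, `from`/`to` with `any` or CIDR, `port = N`). The packets and the second ruleset are constructed test inputs; the rest of jonas's ruleset is not on the page, so a packet that matches none of the four rules is reported as "no match" rather than assuming a default policy.

```python
"""Minimal IPFilter (ipf) rule matcher.

Added illustration, not code from the mail thread. Covers only the rule
syntax used in jonas's four quoted rules; every address below is a
constructed test value.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Grammar subset: [@n] pass|block in|out [log] [quick] on IFACE proto tcp|udp
#                 from SRC to DST [port = N]
RULE_RE = re.compile(
    r"^(?:@(?P<num>\d+)\s+)?(?P<action>pass|block)\s+(?P<dir>in|out)"
    r"(?:\s+log)?(?P<quick>\s+quick)?\s+on\s+(?P<iface>\S+)"
    r"\s+proto\s+(?P<proto>tcp|udp)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?\s*$"
)


@dataclass
class Rule:
    num: int
    action: str
    direction: str
    quick: bool
    iface: str
    proto: str
    src: Optional[ipaddress.IPv4Network]   # None means "any"
    dst: Optional[ipaddress.IPv4Network]
    port: Optional[int]                     # None means any destination port


@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    dport: int


def _net(tok: str) -> Optional[ipaddress.IPv4Network]:
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str, default_num: int) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    return Rule(
        num=int(m["num"]) if m["num"] else default_num,
        action=m["action"], direction=m["dir"], quick=bool(m["quick"]),
        iface=m["iface"], proto=m["proto"],
        src=_net(m["src"]), dst=_net(m["dst"]),
        port=int(m["port"]) if m["port"] else None,
    )


def parse_rules(text: str) -> list[Rule]:
    lines = [l for l in text.splitlines() if l.strip()]
    return [parse_rule(l, i + 1) for i, l in enumerate(lines)]


def matches(rule: Rule, pkt: Packet) -> bool:
    if (rule.direction, rule.iface, rule.proto) != (pkt.direction, pkt.iface, pkt.proto):
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    return rule.port is None or rule.port == pkt.dport


def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, Optional[int]]:
    """ipf semantics: the last matching rule wins, unless a matching rule is
    'quick', which ends evaluation immediately. Returns (action, rule number)."""
    decision: Optional[tuple[str, int]] = None
    for rule in rules:
        if matches(rule, pkt):
            decision = (rule.action, rule.num)
            if rule.quick:
                break
    return decision if decision else ("no match", None)


# The four rules exactly as jonas posted them (ipfstat-style @n prefixes).
JONAS_RULES = """
@1 pass in log quick on ng0 proto tcp from any to 128.176.0.0/16 port = 80
@2 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 443
@3 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 22
@4 pass in log quick on ng0 proto udp from any to 192.168.0.1/32 port = 22
"""

# Constructed ruleset without 'quick': shows last-match semantics.
LAST_MATCH_DEMO = """
block in on ng0 proto tcp from any to 192.168.0.1/32 port = 80
pass in on ng0 proto tcp from any to 192.168.0.1/32 port = 80
"""


def http_to_gateway() -> tuple[str, Optional[int]]:
    """Inbound TCP/80 from a constructed Internet address to the gateway."""
    return evaluate(parse_rules(JONAS_RULES),
                    Packet("in", "ng0", "tcp", "203.0.113.5", "192.168.0.1", 80))


if __name__ == "__main__":
    rules = parse_rules(JONAS_RULES)
    for dport, proto in ((80, "tcp"), (443, "tcp"), (22, "tcp"), (22, "udp")):
        pkt = Packet("in", "ng0", proto, "203.0.113.5", "192.168.0.1", dport)
        print(f"{proto}/{dport} -> 192.168.0.1 on ng0:", evaluate(rules, pkt))
```

Running it shows that TCP/443, TCP/22 and UDP/22 to 192.168.0.1 hit rules @2, @3 and @4, but TCP/80 to 192.168.0.1 matches nothing: rule @1 only passes port 80 to 128.176.0.0/16, which is the difference Erik is pointing at. Whether that packet is then dropped depends on the rules jonas did not quote. Two further checks a practitioner would make: ssh is a TCP service, so rule @4 (UDP/22) passes nothing useful unless something else listens on UDP 22, and the `log` keyword on these rules means `ipmon` output will confirm which rule, if any, a test connection actually hits.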