Date: Sun, 20 Oct 2002 02:49:47 -0700
From: Felipe Ortega
Subject: IPFW+NATD Problem
To: freebsd-newbies@freebsd.org
Reply-To: fortega@fortega.com

Hello,

I'm encountering a problem that I can't seem to solve. The problem I'm having is: after enabling NATD+IPFW, some websites are timing out or not coming up at all. For example, if I go to www.newegg.com the browser will stay on "waiting for reply" and it will eventually time out.
When pinging www.newegg.com from the host machine running FreeBSD 4.6 natd+ipfw I get this message:

    PING www.newegg.com (65.119.30.181): 56 data bytes
    36 bytes from 65.114.177.238: Communication prohibited by filter
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 5400 1e8f   0 0000  35  01 ff7f 64.172.198.194  65.119.30.181

This isn't the only site I'm having problems accessing. The percentage of sites that give me this exact problem is around 10% of all web sites I visit, but I have no issues with 90% of websites. One thing I did find in common with all the sites I'm unable to access is that they all have the same ping message when pinging them: "Communication prohibited by filter".

My ipfw list is as follows:

    00050 divert 8668 ip from any to any via dc0
    00100 allow ip from any to any via lo0
    65000 allow ip from any to any
    65535 deny ip from any to any

I know it's not secure at the moment. I'm trying to solve the problem stated above before securing the firewall.

Any help will be appreciated.

fortega@fortega.com