From owner-freebsd-questions@FreeBSD.ORG Mon May 9 23:09:44 2005
Message-ID: <427FEDB7.6000002@searchy.nl>
Date: Tue, 10 May 2005 01:09:43 +0200
From: Frank de Bot
To: freebsd-questions@freebsd.org
Subject: Re: ipfw + natd => some sites won't work :-S

The ipfw rules standing without any other rules and '65535 allow ip from any to any' as last rule give the same behaviour. So it's not a firewall case. The network layout is posted in my reaction to Emanuel.

Sites I can't access are:
www.tweakers.net
www.fok.nl
www.yahoo.com
www.userfriendly.org
www.thinkgeek.com

Sites I CAN access:
www.google.com
www.gmail.com
www.fastclick.net

fbsd_user wrote:
>
> Seeing a snippet of your firewall rules is not giving us enough info
> to work on.
> You have to post the complete rule set because of the way rules are
> processed.
>
> Also an explanation of your private network layout and how you
> connect to the internet is needed.
>
> List sites you can not access.
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Frank de Bot
> Sent: Monday, May 09, 2005 6:42 PM
> To: freebsd-questions@freebsd.org
> Subject: ipfw + natd => some sites won't work :-S
>
>
> Hi,
>
> I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites like
> Google for instance do work, but many others don't. All other protocols
> seem to be working properly. But why are sites failing to do anything?
> I got natd running with the verbose option and a successful request of
> google is identical to a random other site :S
> The firewall I use is rather big. The most important piece is:
>
> 01200    723    652298 divert 8668 ip from any to 82.94.238.70 via fxp0
> 01200    521     85279 divert 8668 ip from 10.0.5.0/24 to any
> 01200      0         0 allow ip from any to 10.0.5.0/24
> 01201    524     85399 allow ip from 82.94.238.70 to any
> 01201      3       144 allow ip from any to 82.94.238.70
> 01500 871494 216106437 allow tcp from any to any established
>
>
> /etc/natd.conf is:
>
> alias_address %external_ip%
> verbose
>
>
> It just puzzles me why only some http requests would fail and everything
> works fine!
> Anyone got any idea?
>
>
> Thanks in advance,
>
> Frank de Bot
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"