From: Terry Singh
To: freebsd-questions@freebsd.org
Date: Mon, 29 Dec 2003 16:30:40 -0800 (PST)
Subject: arp request problem with firewall
Message-ID: <20031230003040.81915.qmail@web40707.mail.yahoo.com>

This is my first post to freebsd-questions.

MY NETWORK

    Internet -- WAN_IF
                  |
              FIREWALL - 5.1 RELEASE
                  |
                LAN_IF -- LAN network

The WAN_IF has several public addresses as aliases. I have about 20 servers in the LAN that require various services allowed to the public Internet. I basically am doing a "bimap" one-to-one mapping per server in the LAN. This all works great, meaning I can surf etc. from any LAN server to the Internet, and also, from the Internet I can get published services on LAN servers.

Here's the problem: I already mentioned that each server with a 192.168.50.x address is "bimap"ed to a public address. The problem is that if I am on any of the LAN servers and want to connect to the public address of a server in the LAN, I CANNOT. Now first off, I could connect using private addresses, and of course this works like it should. But our applications have real DNS names coded in the apps, so I need this to work. I know it has something to do with proxy arp, so I even tried placing this line in sysctl.conf:

    net.link.ether.inet.proxyall=1

No luck. ANY IDEAS?

--------------

Second problem

One of the LAN servers is an FTP server. From the Internet, I can only connect using ACTIVE MODE even though I allow both 20/21/tcp inbound. Here's what happens when passive mode is used: the initial connection is accepted, but then the server sends its private address instead of its proper public address! Of course it's not gonna work! So I forced active mode and voila! it worked. What's the fix for this bugger? I know outbound FTP has some built-in proxy ftp in FreeBSD, but what about inbound?

thanks,
tsingh.
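What the second problem comes down to, as an added example that is not part of the original post and not IP Filter's own code: an inbound FTP proxy (application-level gateway) has to read the server's `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply on the port-21 control channel and replace the advertised address before the reply reaches the Internet client, because the FTP server only knows its private address. The script below is a toy version of that rewrite in plain Python. The mapping table, the server address 192.168.50.10 and the public alias 203.0.113.10 (a documentation-range address standing in for the real alias) are all constructed for the example; the port is left untouched because a one-to-one mapping does not translate ports.

```python
"""Toy FTP passive-mode ALG: what an inbound FTP proxy on a NAT box must do.

Added example, not from the original post or from IP Filter. The one-to-one
("bimap"-style) table below is constructed; 203.0.113.10 is a documentation
address standing in for the real public alias on WAN_IF.
"""
import ipaddress
import re

# Constructed one-to-one mapping: private server address -> public alias.
BIMAP = {
    "192.168.50.10": "203.0.113.10",
}

# RFC 1918 space: an Internet client can never reach these, so a 227 reply
# carrying one of them is the exact failure seen in the post.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply: str):
    """Return (ip, port) advertised in a 227 reply, or None if it is not one.

    The port is p1*256 + p2; a zero or out-of-range port is rejected rather
    than passed through, since the proxy should never forward garbage.
    """
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    h = m.groups()
    if any(int(x) > 255 for x in h[:4]):
        return None
    ip = ".".join(h[:4])
    port = int(h[4]) * 256 + int(h[5])
    if not 0 < port < 65536:
        return None
    return ip, port


def leaks_rfc1918_address(reply: str) -> bool:
    """True when a 227 reply advertises an RFC 1918 address to the client."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return False
    addr = ipaddress.ip_address(parsed[0])
    return any(addr in net for net in RFC1918)


def rewrite_pasv(reply: str, mapping=BIMAP) -> str:
    """Rewrite a 227 reply so the Internet client sees the public alias.

    Only the address changes; the port stays as the server chose it. A reply
    that is not a 227, or whose address has no mapping, is returned unchanged
    (and should then be treated as a leak by the caller, not forwarded).
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return reply
    ip, port = parsed
    public = mapping.get(ip)
    if public is None:
        return reply
    h = public.split(".")
    return (
        f"227 Entering Passive Mode "
        f"({h[0]},{h[1]},{h[2]},{h[3]},{port // 256},{port % 256})\r\n"
    )


if __name__ == "__main__":
    # Constructed reply as the LAN FTP server would send it on the control channel.
    server_reply = "227 Entering Passive Mode (192,168,50,10,195,80)\r\n"
    print("server sent :", server_reply.strip(), "leak:", leaks_rfc1918_address(server_reply))
    fixed = rewrite_pasv(server_reply)
    print("client sees :", fixed.strip(), "leak:", leaks_rfc1918_address(fixed))
```

Without the rewrite the outside client dutifully opens its data connection to 192.168.50.10 and hangs, which is the behaviour described above; with it the client only ever sees the public alias and the port the server actually opened. In IP Filter this job belongs to the `ftp` proxy attached to the NAT rule for port 21, so the inbound `rdr` rule for the FTP server needs a `proxy ftp` clause just as an outbound `map` rule does (check the exact syntax against ipnat.conf(5) for the installed release). Note that an ALG can only do this because it parses the cleartext control channel; it cannot help with TLS-protected FTP.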