From: Hugo Osorio
To: ipfw@freebsd.org
Date: Fri, 23 Sep 2005 11:03:25 -0500
Subject: Re: mime contents thru ipfw
Message-ID: <680ac847050923090349bf3505@mail.gmail.com>
In-Reply-To: <680ac84705092309007d69b088@mail.gmail.com>
List-Id: IPFW Technical Discussions

---------- Forwarded message ----------
From: Hugo Osorio
Date: 23-sep-2005 11:00
Subject: Re: mime contents thru ipfw
To: Chuck Swiger
Cc: freebsd-ipfw@freebsd.org

Thanks,

Our (172.24.33.0) LAN goes to the internet through two proxies. The new proxy, which is the one I am trying to set up, is in another network; we have set routes to that LAN (172.25.1.0). Is it inappropriate to put these addresses here? I hope not :s

In order to be protected, we have set up a firewall in this way:

LAN (172.24.33.0) --> SWITCH --> fw --> Router (172.25.19.X) --> proxy (172.25.1.5)

I have the other conf (using another proxy, another network) without the string 'http://' and it works, and transfers everything. Besides, using the new proxy, without the 'http://' string, it shows byte activity in 'ipfw show'; I mean I can enter sites.

For using the "open firewall ruleset", do you have any basic document?

Any other hint or help will be appreciated. Thank you.

2005/9/22, Chuck Swiger:
>
> Hugo Osorio wrote:
> > while I am navigating, after trying to load a file for attachment in
> > squirrelmail, it says:
> > 'documents contains no data'
> >
> > after entering the hotmail service, I cannot access the page of my messages...
> > it takes forever... and nothing shows up...
> > address like this:
> > https://loginnet.passport.com/ppsecure/post.srf?id=2&svc=mail&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=58378&_lang=ES&bk=1127405014
> >
> > I cannot make attachments, it does not transfer files when attaching
> >
> > has something to do with SSL, TLS or PCT?
> >
> > this is my conf (I have set routes, and they are fine, I think):
> > 04300 471 29586 allow udp from 172.24.33.0/24 <http://172.24.33.0/24> to 172.25.1.5 53 keep-state via vr0
> > 04500 54 3058 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24> to 172.25.1.8 20,21 keep-state via vr0
> > 04600 1200 615333 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24> to 172.25.1.5 80,139,443,445 keep-state via vr0
>
> Those can't possibly be your actual IPFW rulesets-- the "http://" strings in
> the middle don't exist in the output from "ipfw -a l".
>
> It's unclear whether you are working on a client machine or box intended as a
> firewall. It's likely that you should start with the "open" firewall ruleset,
> and experiment from there, confirming that FTP access via the proxy works
> properly, HTTPS access, etc.
>
> If you still have problems without any firewall rules in place, those will need
> to be resolved before you have any realistic chance of getting a working IPFW
> ruleset going.
>
> It might also be the case that hanging trying to do FTP data means a PMTU
> problem, see whether "ifconfig vr0 mtu 1400" helps.
>
> --
> -Chuck
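
An added example, not part of the original thread and not code from any participant: POSIX shell functions that check a pasted "ipfw -a l" listing for the "http://" residue discussed above, strip it, and read the per-rule packet and byte counters. The sample input is constructed from the three rule lines quoted in the message; all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the three rules from the thread, with the webmail
# autolink residue rejoined onto one line per rule.
sample_listing() {
cat <<'EOF'
04300 471 29586 allow udp from 172.24.33.0/24 <http://172.24.33.0/24> to 172.25.1.5 53 keep-state via vr0
04500 54 3058 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24> to 172.25.1.8 20,21 keep-state via vr0
04600 1200 615333 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24> to 172.25.1.5 80,139,443,445 keep-state via vr0
EOF
}

# Succeeds only if stdin has no URL text; per the reply in the thread,
# "ipfw -a l" output does not contain "http://" strings.
is_clean_listing() {
    ! grep -q '://'
}

# Remove "<http://...>" (and "<https://...>") tokens added by the mail client.
strip_autolinks() {
    sed -e 's| *<https\{0,1\}://[^>]*>||g'
}

# Print "rule packets bytes proto dst ports" for each counter line
# (number, packets, bytes, action, proto, ...); other lines are skipped.
rule_counters() {
    awk '
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        dst = "-"; ports = "-"
        for (i = 6; i < NF; i++) {
            if ($i == "to") {
                dst = $(i + 1)
                if ($(i + 2) ~ /^[0-9,-]+$/) ports = $(i + 2)
                break
            }
        }
        print $1, $2, $3, $5, dst, ports
    }'
}

# Sum the byte counters of all rules read from stdin.
total_bytes() {
    rule_counters | awk '{ sum += $3 } END { print sum + 0 }'
}

if sample_listing | is_clean_listing; then
    echo "listing is clean"
else
    echo "mail residue found; cleaned rules:"
    sample_listing | strip_autolinks | rule_counters
fi
```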