Date:      Mon, 19 Sep 2005 19:29:54 +0200
From:      jonas <jonas.de.buhr@gmx.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: problem with IPF rules - port 80 not accessible
Message-ID:  <20050919192954.6ac0e9a9@localhost>
In-Reply-To: <432EDE1D.2050107@locolomo.org>
References:  <20050919172642.45408cf9@localhost> <432EDE1D.2050107@locolomo.org>

On Mon, 19 Sep 2005 17:49:49 +0200
Erik Norgaard <norgaard@locolomo.org> wrote:

> jonas wrote:
> 
> > > the httpd is not accessible from the internet and i don't understand
> > > why, i probably made some stupid mistake in the firewall rules...
> > this is the first time i'm setting up a firewall from scratch.
> 
> Do you at all have access?

i can access the webserver from my LAN and from the university.
ssh from the university doesn't seem to work

> 
> > (any errors in it? outbound internet access works fine)
> 
> I shall try to dissect your ruleset:
> 
> > @1 pass in log quick on ng0 proto tcp from any to 128.176.0.0/16 port = 80
> > @2 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 443
> > @3 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 22
> > @4 pass in log quick on ng0 proto udp from any to 192.168.0.1/32 port = 22
> 
> Do you see anything strange in the first rule compared to the
> following three? You said ssh worked right?

eh.. well, those other rules were a bit old :) i changed them now to
say 128.176.0.0/16 as well.

> 
> > where rl0 is the LAN interface, rl1 is connected to a DSL-modem,
> > ng0 is the tunnel interface mpd creates, 192.168.0.1 is the IP of my
> > freebsd gateway and 172.16.0.1 is the IP of the PPTP-server (a cisco
> > device i think).
> 
> You should make an ascii sketch, it's far easier to understand which
> interface is connected to what and where traffic goes.

ok, i'll try, but don't complain if it's crappy :)


     [laptop]
192.168.0.2 (bfe0)
	|				
	|
      [hub]
	|
	|
192.168.0.1 (rl0)
[freebsd gateway]
172.16.x.y (rl1)---------->DSL-modem----->[some gateway]----->172.16.0.1
|                                          172.16.192.2             |
\___________________________PPTP-tunnel_____________________________/


128.176.a.b(ng0)
       |
 [ISP-gateway]
128.176.239.193
       |
   [internet]

hmm... 172.16.x.y is the IP i get assigned by DHCP
and the one i reach the pptp-server 172.16.0.1 through 172.16.192.2
128.176.a.b is the IP i get assigned from the pptp-server, so i can
reach the public internet through the gateway 128.176.239.193.
so 128.176.a.b is my public IP address.

so in fact the traffic goes this way (at least this is how i understand
it):

laptop--->freebsd gateway:(GRE encapsulate)--->172.16.192.2 \
--->172.16.0.1:(unencapsulate)--->128.176.239.193--->internet

and

internet--->128.176.239.193--->172.16.0.1(GRE encapsulate) \
--->172.16.192.2--->freebsd gateway:(unencapsulate)--->laptop

is this correct?
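Erik's point about the ruleset is that rules @2 to @4 name the LAN address 192.168.0.1, while traffic arriving on the tunnel interface ng0 is addressed to the public 128.176.a.b address, so only rule @1 can match it. The following added example (not from the thread or from IPF itself) evaluates the four quoted rules against constructed packets with IPF's first-match "quick" semantics; 128.176.10.20 is a constructed stand-in for 128.176.a.b, and the parser only understands the rule syntax used in the thread.

```python
import ipaddress
import re

# The four IPF rules quoted in the thread, one per line (constructed copy).
ORIGINAL_RULES = """
pass in log quick on ng0 proto tcp from any to 128.176.0.0/16 port = 80
pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 443
pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 22
pass in log quick on ng0 proto udp from any to 192.168.0.1/32 port = 22
"""

# Only the subset of IPF syntax that appears in the thread is supported.
RULE_RE = re.compile(
    r"pass in (?:log )?quick on (?P<iface>\S+) proto (?P<proto>tcp|udp) "
    r"from any to (?P<dst>\S+) port = (?P<port>\d+)")

def parse_rules(text):
    """Parse rules into dicts numbered @1.. in the order ipfstat -n shows them."""
    rules = []
    for n, line in enumerate(l for l in text.splitlines() if l.strip()):
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append({"n": n + 1, "iface": m["iface"], "proto": m["proto"],
                      "dst": ipaddress.ip_network(m["dst"]), "port": int(m["port"])})
    return rules

def first_match(rules, iface, proto, dst, port):
    """Return the number of the first 'quick' rule the packet matches, or None.
    None only means no pass rule fired; the outcome then depends on the
    block/default rules, which the thread does not show."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if (r["iface"] == iface and r["proto"] == proto
                and addr in r["dst"] and r["port"] == port):
            return r["n"]
    return None

if __name__ == "__main__":
    rules = parse_rules(ORIGINAL_RULES)
    public_ip = "128.176.10.20"  # constructed stand-in for 128.176.a.b
    for proto, port in (("tcp", 80), ("tcp", 443), ("tcp", 22), ("udp", 22)):
        hit = first_match(rules, "ng0", proto, public_ip, port)
        print(f"{proto}/{port} to {public_ip} on ng0 ->",
              f"rule @{hit}" if hit else "no pass rule matched")
    # The change jonas describes: @2-@4 rewritten to 128.176.0.0/16.
    fixed = parse_rules(ORIGINAL_RULES.replace("192.168.0.1/32", "128.176.0.0/16"))
    print("tcp/22 after the change ->", first_match(fixed, "ng0", "tcp", public_ip, 22))
```

With the original rules only tcp/80 to the public address hits a pass rule; tcp/443, tcp/22 and udp/22 match nothing because their destination is the LAN address, which never appears on ng0.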




