From: Philip Reynolds
To: freebsd-ipfw@freebsd.org
Date: Thu, 1 May 2003 19:48:13 +0000
Subject: Re: ipfw + http : apache

Martins Dzelde 43 lines of wisdom included:
> Hi,
>
> Priori I installed Apache2.0, which worked fine, then I added natd and ipfw
> for internet connection sharing on the same FreeBSD box and the web server
> stopped working properly. That is, the server is running and listening to
> the address X:80, but I can't access the web content on my server.
>
> Now, if I turn off the firewall by
>
>     sysctl net.inet.ip.fw.enable=0
>
> then it works fine... from an outside computer I can access my web
> documents but can not access them when I turn on the firewall.
>
> I have the following rules set:
>
>     ipfw add 00100 divert natd all from any to any
>     ipfw add 00200 allow ip from any to any
>
> The Firewall default configuration is to deny all from any to any, hence
> there is the final rule
>
>     ... 65535 deny ip from any to any
>
> when checking the ipfw counters with ipfw -a list, I get that only
> the first two are used and there is no use of the rule 65535 ie:
>
>     00100 xxx xxx divert 8668 ip from any to any
>     00200 xxx xxx allow ip from any to any
>     65535 0 0 deny ip from any to any
>
> Please, help me to allow the outside world access my http documents.

Is NATD running?

    ps auxwww | grep natd

Phil.
--
Philip Reynolds                      | RFC Networks Ltd.
philip.reynolds@rfc-networks.ie      | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil  | www.rfc-networks.ie