From: "Martins Dzelde"
Date: Fri, 2 May 2003 15:38:05 +0300
Subject: ipfw + http : apache
Message-ID: <000801c310a7$ae021220$0a00a8c0@dzelde>
List-Id: IPFW Technical Discussions

Probably, my description of the situation was ambiguous.

On my little network I have three computers A, B, and C:

A - FreeBSD box, where I have installed daemons like natd, ipfw and apache2, etc. This computer is connected to the Internet and is supposed to share the connection for computers B & C.

B, C - Windows boxes, which use the shared Internet connection from computer A.

Then, if ipfw is turned OFF, boxes B & C cannot access the Internet, whereas from box A I can access the Internet as well as my apache2 web pages.
These web pages on box A I can also access from any other computer connected to the Internet; whereas, when I turn ON ipfw, Internet sharing works fine (meaning I can browse the web from boxes A & B) but I cannot access those apache2 documents on box A.

I have tried to test where those packets go when I try to access the web page, but all I get from 'ipfw -a list' is

> 00100 xxx xxx divert 8668 ip from any to any
> 00200 xxx xxx allow ip from any to any
> 65535 0 0 deny ip from any to any

which I understand as meaning that those packets heading to my apache2 server on port 80 are allowed to go and no traffic is denied... but I still cannot access my web pages on box A.

> Does natd(8) have the "deny_incoming" switch set?
>
> --
> Crist J. Clark | cjclark at alum.mit.edu
> | cjclark at jhu.edu
> http://people.freebsd.org/~cjc/ | cjc at freebsd.org

It doesn't have the switch set. And I suppose it shouldn't be, should it?

> is NATD running?
>
> ps auxwww | grep natd
>
> Phil.

Yes, natd is running correctly.

Thank you for suggestions and, please, I would really appreciate some more.

Martins.