Date: Sat, 25 Aug 2007 17:21:24 -0400 From: Bill Moran <wmoran@potentialtech.com> To: "Narek Gharibyan" <ngharibyan@arm.synisys.com> Cc: questions@freebsd.org Subject: Re: IPFW and HTTPS problem Message-ID: <20070825172124.6295f597.wmoran@potentialtech.com> In-Reply-To: <01d201c7e75d$21950ea0$180ca8c0@arm.synisys.com> References: <01d201c7e75d$21950ea0$180ca8c0@arm.synisys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[Any reason you posted to the same list twice?]
In response to "Narek Gharibyan" <ngharibyan@arm.synisys.com>:
>
> I enabled https for my webmail. It works for LAN client but doesn't work for
> Internet clients. I checked with tcpdump ipfw filters the incomping https
> packets unless the rule
>
> Ipfw add allow tcp from any to ${webmail} 443
>
> Ipfw add allow tcp from ${webmail} 443 to any
>
>
>
> Even I tried
>
>
>
> Ipfw add allow all from any to ${webmail} keep-state
>
> Ipfw add allow all from ${webmail} to any keep-state
>
>
>
> Nothing helps.
>
>
>
> Any comments?
Yes. Please provide your entire ruleset. It's impossible to assist in
debugging a ruleset with only a partial ruleset. Do not trim or edit
the ruleset, as you may trim away the part that is causing the problem.
On your own, the output of 'ipfw show' can be useful for determining
which rules are blocking traffic, as it shows counters of how many
packets have matched each rule.
--
Bill Moran
http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070825172124.6295f597.wmoran>