From: Bill Moran
To: "Narek Gharibyan"
Cc: questions@freebsd.org
Date: Sat, 25 Aug 2007 17:21:24 -0400
Subject: Re: IPFW and HTTPS problem

[Any reason you posted to the same list twice?]

In response to "Narek Gharibyan":

> I enabled https for my webmail. It works for LAN client but doesn't work for
> Internet clients. I checked with tcpdump ipfw filters the incoming https
> packets unless the rule
>
> ipfw add allow tcp from any to ${webmail} 443
> ipfw add allow tcp from ${webmail} 443 to any
>
> Even I tried
>
> ipfw add allow all from any to ${webmail} keep-state
> ipfw add allow all from ${webmail} to any keep-state
>
> Nothing helps.
>
> Any comments?

Yes. Please provide your entire ruleset. It's impossible to assist in
debugging a ruleset with only a partial ruleset. Do not trim or edit the
ruleset, as you may trim away the part that is causing the problem.

On your own, the output of 'ipfw show' can be useful for determining which
rules are blocking traffic, as it shows counters of how many packets have
matched each rule.

--
Bill Moran
http://www.potentialtech.com
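
The counter check suggested in the reply above, as an added example that is not part of the original message: save 'ipfw show' before and after one failed HTTPS attempt from outside, then list the deny-type rules whose packet counters grew. The ruleset, the address 192.0.2.10, the interface em0 and the function names are constructed for illustration and are not the poster's configuration.

```sh
#!/bin/sh
# Assumed line layout of `ipfw show`: <rule> <packets> <bytes> <action> <body...>
# Assumes each rule number appears once in the ruleset.

# blocking_rules BEFORE AFTER
# Prints "<rule> +<new packets> <rule text>" for every deny-type rule that
# matched more packets in AFTER than in BEFORE.
blocking_rules() {
    awk '
        # Skip anything that is not a static rule line with two counters.
        !($1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) { next }
        NR == FNR { before[$1] = $2; next }   # first file: remember counters
        $4 ~ /^(deny|reject|reset|unreach)$/ {
            delta = $2 - before[$1]
            if (delta > 0) {
                body = $4
                for (i = 5; i <= NF; i++) body = body " " $i
                printf "%s +%d %s\n", $1, delta, body
            }
        }
    ' "$1" "$2"
}

# Constructed snapshot taken before the test connection.
sample_before() { cat <<'EOF'
00100 4210 612300 allow ip from any to any via lo0
00200  812  96400 allow tcp from any to 192.0.2.10 dst-port 80
00300   57   3420 deny tcp from any to any in recv em0 setup
00400    0      0 allow tcp from any to 192.0.2.10 dst-port 443
65535    9    540 deny ip from any to any
EOF
}

# Constructed snapshot after three SYNs to port 443 arrived from outside.
sample_after() { cat <<'EOF'
00100 4215 612900 allow ip from any to any via lo0
00200  812  96400 allow tcp from any to 192.0.2.10 dst-port 80
00300   60   3600 deny tcp from any to any in recv em0 setup
00400    0      0 allow tcp from any to 192.0.2.10 dst-port 443
65535    9    540 deny ip from any to any
EOF
}

# Demo on the constructed data; on a live host use: ipfw show > before.txt
tmp=$(mktemp -d)
sample_before > "$tmp/before"; sample_after > "$tmp/after"
blocking_rules "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

In this constructed ruleset the allow rule for port 443 stays at zero while an earlier deny rule gains packets, which shows why the complete, unedited ruleset and its rule order are needed to debug the problem.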