Date: Thu, 21 Sep 2006 23:25:50 +0200
From: Erik Norgaard
To: Hèrvé Simplice van der Eijk
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall
Message-ID: <4513035E.5080604@locolomo.org>

Hèrvé Simplice van der Eijk wrote:
> On 1 machine I set up a FreeBSD 5.4 server with DHCP, DNS, LDAP running on
> it.
>
> On another machine I set up an Apache webserver and both are working fine.
>
> When I'm making an HTTP request on a Windows client (Internet Explorer) it
> shows my web site.
>
> But since I installed the ipfw firewall on my FreeBSD 5.4 (DHCP, DNS, LDAP server)
> my Windows client
> can't reach my webserver anymore.
>
> Please can somebody tell me which port I have to open up in my firewall.

You don't only need to open a port, you also need to enable routing. I
assume your setup is like this:

  Client ---- FBSD ---- Apache

You need to open port 80 (default) for the destination IP (the Apache
host) and enable routing in the kernel:

  # sysctl net.inet.ip.forwarding=1

Set this in /etc/sysctl.conf to enable it on reboot.

How to do the routing with ipfw I don't know, I use packet filter.

Cheers, Erik

-- 
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
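
The setup described in the reply above, written out for ipfw as an added example that is not part of the original message or thread: it prints the rules for review and only applies them, together with the forwarding sysctl, when called with `apply`. The addresses, rule numbers and function names are constructed assumptions, and services on the firewall host itself (DHCP, DNS, LDAP) need their own rules, which are not shown.

```sh
#!/bin/sh
# Added example, not from the original thread. Addresses, rule numbers and
# function names are constructed placeholders for the Client - FBSD - Apache
# layout described in the reply.
CLIENT_NET="${CLIENT_NET:-192.168.1.0/24}"  # assumed client subnet
WEB_IP="${WEB_IP:-192.168.2.10}"            # assumed Apache host
HTTP_PORT="${HTTP_PORT:-80}"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# Print the ipfw commands without running them, so they can be reviewed first.
# Inputs are validated because the output is later fed to a shell.
# Usage: http_forward_rules <client-net> <web-ip> <port>
http_forward_rules() {
    valid_cidr "$1" || { echo "bad client network: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad web server address: $2" >&2; return 1; }
    valid_port "$3" || { echo "bad port: $3" >&2; return 1; }
    # check-state matches replies of connections opened through rule 300.
    echo "ipfw -q add 200 check-state"
    # Only new connections (SYN) from the clients to the web server's port.
    echo "ipfw -q add 300 allow tcp from $1 to $2 $3 setup keep-state"
}

case "${1:-}" in
    print) http_forward_rules "$CLIENT_NET" "$WEB_IP" "$HTTP_PORT" ;;
    apply)  # as root on the FreeBSD host in the middle
        rules=$(http_forward_rules "$CLIENT_NET" "$WEB_IP" "$HTTP_PORT") || exit 1
        sysctl net.inet.ip.forwarding=1   # the setting given in the reply
        printf '%s\n' "$rules" | sh ;;
esac
```

Run it with `print` first and compare the output against the existing ruleset, since ipfw is first-match and an earlier deny rule would still block the traffic.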