Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 2 May 2003 15:38:05 +0300
From:      "Martins Dzelde" <dzelde@parks.lv>
To:        <freebsd-ipfw@freebsd.org>
Subject:   ipfw + http : apache 
Message-ID:  <000801c310a7$ae021220$0a00a8c0@dzelde>

next in thread | raw e-mail | index | archive | help
Probably, my description of the situation was ambiguous. On my little
network I have three computers A, B, and C :

A - FreeBSD box, where I have installed the daemons like natd, ipfw and
apache2, etc. This computer is connected to internet and is supposed to
share the connection for computers B & C

B,C - Windows boxes, uses the shared internet connection from the computer
A.

Then, if the ipfw is turned OFF, the boxes B & C cannot access Internet,
whereas from the box A I can access Internet as well as my apache2 web
pages. These web pages on box A I can access also from any other computer
connected to the Internet;

whereas, when I turn ON ipfw, Internet sharing works fine (meaning I can
browse the web from boxes A & B) but I cannot access those apache2 documents
on box A. I have tried to test, where does those packets go if I try access
the web page but all I get from 'ipfw -a list' is

> 00100    xxx    xxx    divert 8668 ip from any to any
> 00200    xxx    xxx    allow ip from any to any
> 65535    0        0        deny ip from any to any

which I understand as that those packets heading to my apache2 server on
port 80 are allowed to go and no traffic is denied... but I still cannot
access my web pages on the box A.


> Does natd(8) have the "deny_incoming" switch set?
>
> --
> Crist J. Clark                     |     cjclark at alum.mit.edu
>                                    |     cjclark at jhu.edu>
> http://people.freebsd.org/~cjc/    |     cjc at freebsd.org

It doesn't have the switch set. And I suppose it shouldn't be, should it?

> is NATD running?
>
> ps auxwww | grep natd
>
> Phil.

Yes, natd is running correctly.

Thank you for suggestions and, please, I would really appreaciate some more.

Martins.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000801c310a7$ae021220$0a00a8c0>