From owner-freebsd-questions Wed Jan 6 08:58:30 1999
From: "Rick Hayter"
Subject: Can't telnet through ipfw...
Date: Wed, 6 Jan 1999 10:57:49 -0600
Message-ID: <000001be3995$b237bc20$0a3140c6@rhayter.udallas.edu>

I am trying to create a firewall in front of a single HP-UX server. I want to allow telnet access from Windows clients through the firewall and into the HP... that's it.

After some failed attempts, I thought I would log ALL traffic in hopes that I could see what was going on. I did an "ipfw flush", then "ipfw add allow log all from any to any" and attempted to telnet in. The telnet session failed to connect so I checked the log. It showed tcp from me to the HP in via the external interface, then tcp from me to the HP out via the internal interface - as I would expect. But that's all - no return traffic - my telnet client tries a couple more times with the same result then fails to connect.

My setup is:

2.2.8-STABLE
HP-UX and firewall internal NIC 192.168.100.x
my clients and firewall external NIC 198.64.48.x
/etc/rc.conf: gateway_enable="YES"
/etc/rc.conf: router_enable="NO"

Am I having a routing problem? Do I need nat? Any pointers would be much appreciated!

- Rick
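
The log check described in the message above, as an added example that is not part of the original post: a Python script that groups ipfw log lines into flows and reports those logged in one direction only. The log line layout, addresses, rule number and interface names (ed0 external, ed1 internal) are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ipfw's syslog output (assumed layout).
# First flow: telnet to the inside host, forwarded but never answered.
# Second flow: a connection to the firewall itself that does get a reply.
SAMPLE_LOG = """\
Jan  6 10:41:02 fw /kernel: ipfw: 100 Allow TCP 198.64.48.10:1031 192.168.100.2:23 in via ed0
Jan  6 10:41:02 fw /kernel: ipfw: 100 Allow TCP 198.64.48.10:1031 192.168.100.2:23 out via ed1
Jan  6 10:41:05 fw /kernel: ipfw: 100 Allow TCP 198.64.48.10:1031 192.168.100.2:23 in via ed0
Jan  6 10:41:05 fw /kernel: ipfw: 100 Allow TCP 198.64.48.10:1031 192.168.100.2:23 out via ed1
Jan  6 10:42:10 fw /kernel: ipfw: 100 Allow TCP 198.64.48.11:1040 198.64.48.1:22 in via ed0
Jan  6 10:42:10 fw /kernel: ipfw: 100 Allow TCP 198.64.48.1:22 198.64.48.11:1040 out via ed0
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

def one_way_flows(log_text):
    """Return flows for which only one direction was ever logged.

    A flow is keyed by protocol plus the unordered pair of endpoints, so a
    reply (source and destination swapped) lands on the same key.
    """
    directions = defaultdict(set)  # flow key -> {(src, dst), ...} as logged
    hops = defaultdict(list)       # flow key -> ordered "in via ed0" hops
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ipfw TCP/UDP log line
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        key = (m["proto"],) + tuple(sorted([src, dst]))
        directions[key].add((src, dst))
        hop = f'{m["dir"]} via {m["iface"]}'
        if hop not in hops[key]:
            hops[key].append(hop)
    result = []
    for key, seen in directions.items():
        if len(seen) == 1:  # no packet with src/dst swapped was logged
            src, dst = next(iter(seen))
            result.append({"src": src, "dst": dst, "hops": hops[key]})
    return result

if __name__ == "__main__":
    for flow in one_way_flows(SAMPLE_LOG):
        print("no return traffic:", flow)
```

With an allow-and-log-everything rule in place, a flow that appears here was forwarded by the firewall and no reply for it ever arrived back at either interface.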