Date: Fri, 18 Aug 2000 13:49:42 -0700
From: "Crist J . Clark"
Reply-To: cjclark@alum.mit.edu
To: Giorgos Keramidas
Cc: "freebsd-questions@FreeBSD.org"
Subject: Re: Problem with FreeBSD behind a firewall
Message-ID: <20000818134942.A98558@149.211.6.64.reflexcom.com>

On Fri, Aug 18, 2000 at 10:04:57PM +0300, Giorgos Keramidas wrote:
> On Thu, Aug 17, 2000 at 10:59:23PM -0700, Crist J . Clark wrote:
> > On Thu, Aug 17, 2000 at 12:04:52PM -0400, SILVER, MICHAEL A wrote:
> > > I have a situation where my FBSD machine sits behind a hardware firewall and
> > > is inaccessible from the outside world.  The problem is, it needs to be
> > > accessible.  The HW firewall is setup to pass all traffic to a specific
> > > internet IP to the FBSD firewall, but this appears not to be happening, OR
> > > the FBSD machine is not responding properly.  I need to find out which is
> > > the problem and correct it.  (I don't have access to the HW firewall)
> >
> > Sniff (tcpdump) the external interface of the FreeBSD machine,
> > 10.0.0.20. Try to connect to it from the Internet. Watch the tcpdump
> > output and see if the packets are coming in.
>
> It is quite probable that I miss some subtle point here, but unless I am
> a complete fool, this address (10.0.0.20) belongs to the 10.0.0.0/8
> block of IP's which most routers in Internet should recognize as a
> 'private network' address block and refuse to route from/to.
>
> I think that using a real IP address to the outside interface of the
> FreeBSD firewall is going to solve a lot of the problems at hand.

Note the original poster's remark, "...my FBSD machine sits behind a
hardware firewall..." It is implicit in his remarks that that firewall
machine is doing NAT before traffic from his FreeBSD machine hits the
Internet.

But you are correct in some sense. If he can get a registered address
routed to his FreeBSD box, it would be reachable from the outside.
However, if he can get the "hardware firewall" to do redirects, he
could do it that way without changing the 10-net address.
-- 
Crist J. Clark                           cjclark@alum.mit.com
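
The tcpdump check suggested in this thread, turned into a small classifier that decides whether the upstream firewall or the FreeBSD host is at fault (an added example, not part of the original message). It assumes the text format printed by a current `tcpdump -n tcp`; port 80, the client address 203.0.113.5 and both sample captures are constructed for illustration.

```python
import re

# Matches lines printed by `tcpdump -n tcp` (assumed current text format):
#   HH:MM:SS.us IP src.sport > dst.dport: Flags [S], seq ...
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

def diagnose(capture, host="10.0.0.20", port=80):
    """Classify a capture taken on the host's external interface."""
    syn_in = synack_out = rst_out = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ARP, ICMP, truncated lines, etc.
        src, sport, dst, dport, flags = m.groups()
        if dst == host and int(dport) == port and flags == "S":
            syn_in += 1          # connection attempt reached the host
        elif src == host and int(sport) == port:
            if flags == "S.":
                synack_out += 1  # host accepted the connection
            elif "R" in flags:
                rst_out += 1     # host refused the connection
    if syn_in == 0:
        return "no SYN arrived: upstream firewall is not forwarding"
    if synack_out:
        return "host answered with SYN-ACK: check return path / NAT upstream"
    if rst_out:
        return "host sent RST: nothing listening or a local reject rule"
    return "SYN arrived, host silent: check local firewall rules and routing"

# Constructed sample: SYNs (with retransmit) arrive, the host never replies.
SILENT = """\
13:49:42.100000 IP 203.0.113.5.51000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
13:49:45.100000 IP 203.0.113.5.51000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
"""

# Constructed sample: the host answers, so the reply is lost further upstream.
ANSWERED = """\
13:49:42.100000 IP 203.0.113.5.51000 > 10.0.0.20.80: Flags [S], seq 1, win 65535, length 0
13:49:42.100200 IP 10.0.0.20.80 > 203.0.113.5.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
"""

if __name__ == "__main__":
    for name, cap in (("SILENT", SILENT), ("ANSWERED", ANSWERED)):
        print(name, "->", diagnose(cap))
```
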