Date:      Mon, 13 Feb 2006 09:29:16 -0500
From:      Brian Bobowski <bbobowski@gmail.com>
To:        Norberto Meijome <freebsd@meijome.net>
Cc:        FreeBSD User Questions List <freebsd-questions@freebsd.org>
Subject:   Re: Firewall/Web server difficulties
Message-ID:  <43F097BC.80308@gmail.com>
In-Reply-To: <43F095E6.2070901@meijome.net>
References:  <43F0935B.4020901@gmail.com> <43F095E6.2070901@meijome.net>

Norberto Meijome wrote:

>Brian Bobowski wrote:
>
>>All right. I've got my firewall up and running, and my workstation can
>>get almost anywhere it needs to just fine.
>
>you don't say if you are using ipfw, ipf, pf....

Sure I do. IPFW; mentioned lower down.

>>I can access it by directly referencing the private-interface IP, but if
>>my workstation tries to get to the public-interface IP, nothing happens.
>>Can't even ping it. ICMP and port 80 TCP should both be allowed from
>>anywhere... but they're not getting through.
>
>(Assuming all your rules are ok...) AFAIK, you can't access the external
>interface of a NAT'ed system from the LAN side. Simply use a DNS inside
>that resolves the name you try to access to the internal interface
>instead of the external. This is a FAQ, I think...

I'm poking at that now, yes. I had difficulty getting it to work with 
virtual hosts... but I can at least reference it by the private-side IP 
address and get places.

>>(So far as I can tell, it's
>>not just me who's unable to access these.)
>
>meaning others in your LAN? or others in the WAN?

WAN. People have tried pinging and browsing, with no success.

>>Does NAT simply not allow for servers to be running on the machine that
>>performs it? I know it's not ideal, but I don't have the room to install
>>another machine even if that were in my budget. I've set up NAT and IPFW
>>per the directions in the handbook, and aside from that one difficulty,
>>everything seems to be working.
>>
>>Please reply off the list.
>
>CCing the list for the benefit of everyone else :)
>
>Beto

Hope the clarifications help,
-BB



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43F097BC.80308>