Date: Tue, 27 Oct 98 15:58:00 -0600
From: Carol Lyn Deihl <carol@tinker.com>
To: Can Altineller <altine@ee.fit.edu>
Cc: mobile@FreeBSD.ORG
Subject: Re: ipfw and httpd.
Message-ID: <9810272158.AA07031@localhost>
References: <Pine.BSF.4.05.9810260405000.594-100000@seraglio.xochi.net>
Can Altineller wrote:

> in my rc.firewall I have
>
> $fwcmd add pass tcp from any to ${ip} 80 setup
>
> just as I have for port 22, 23, which work fine. However, when I telnet to myhost:80 from an external host, the myhost:80 does not respond at all. I've tcpdumped such an interaction and figured out that it does not syn back, in other words, it does not connect at all. I've tried various other commands such as: ipfw add pass tcp from myip 80 to any setup ; and that does not seem to be working.

The rule you mentioned allows only the first packet from a client to reach your web server, but you will need additional rules for the rest of the packets from the client, and for the reply packets from your server back to the client. I'd suggest rules like the following:

    $fwcmd add pass tcp from any to ${ip} 80 in
    $fwcmd add pass tcp from ${ip} 80 to any out established

The first rule lets clients send packets "in" to your server. The second rule lets your server send reply packets ("established") back "out" to the clients.

You may already have a rule near the end of your set something like this:

    $fwcmd add pass tcp from ${ip} to any out established

Since this rule allows replies to all established connections, you won't need the second rule above.

Carol Deihl -- carol@tinker.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-mobile" in the body of the message
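Added example, not code from the message above: a small Python simulation of stateless ipfw-style rule matching run over a constructed HTTP handshake, showing why the `setup`-only rule from the question passes just the client's SYN and why the `in` plus `out established` pair from the reply passes the rest. The addresses, and the matching semantics assumed here (`setup` = SYN set and ACK clear, `established` = ACK or RST set, first match wins, implicit default deny), are assumptions for the example.

```python
# Added example, not code from the original message. Stateless matching of
# ipfw-style rules (first match wins, implicit default deny) over a
# constructed HTTP handshake. Assumed semantics: "setup" = SYN set and ACK
# clear; "established" = ACK or RST set. Addresses are constructed.
SERVER = "192.0.2.10"      # stands in for ${ip}
CLIENT = "198.51.100.7"    # an external host, constructed

def matches(rule, pkt):
    """True if one rule matches one packet; absent rule fields match anything."""
    for key in ("dir", "sport", "dport"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if rule[key] != "any" and rule[key] != pkt[key]:
            return False
    flags = pkt["flags"]
    if rule.get("setup") and not ("SYN" in flags and "ACK" not in flags):
        return False
    if rule.get("established") and not (flags & {"ACK", "RST"}):
        return False
    return True

def evaluate(rules, pkt):
    """Walk the rule list in order; no match means the packet is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

def handshake():
    """Constructed packets: client SYN, server SYN-ACK, client ACK, client data."""
    c2s = dict(dir="in", src=CLIENT, sport=40000, dst=SERVER, dport=80)
    s2c = dict(dir="out", src=SERVER, sport=80, dst=CLIENT, dport=40000)
    return [dict(c2s, flags={"SYN"}), dict(s2c, flags={"SYN", "ACK"}),
            dict(c2s, flags={"ACK"}), dict(c2s, flags={"ACK", "PSH"})]

# The single rule from the question: "pass tcp from any to ${ip} 80 setup"
SETUP_ONLY = [dict(action="pass", src="any", dst=SERVER, dport=80, setup=True)]
# The pair from the reply: "to ${ip} 80 in" and "from ${ip} 80 to any out established"
SUGGESTED = [
    dict(action="pass", dir="in", src="any", dst=SERVER, dport=80),
    dict(action="pass", dir="out", src=SERVER, sport=80, dst="any", established=True),
]

def verdicts(rules):
    """Per-packet verdicts for the handshake under a rule set."""
    return [evaluate(rules, pkt) for pkt in handshake()]

print(verdicts(SETUP_ONLY))  # ['pass', 'deny', 'deny', 'deny']: only the SYN gets in
print(verdicts(SUGGESTED))   # ['pass', 'pass', 'pass', 'pass']
```

The server's SYN-ACK is the packet the tcpdump in the question never saw leave; under the first rule set it is dropped because no rule covers traffic from port 80 outbound.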
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9810272158.AA07031>