Date:      Sat, 19 Aug 2000 07:56:09 -0600
From:      "Duke Normandin" <01031149@3web.net>
To:        "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Problem with FreeBSD behind a firewall
Message-ID:  <003d01c009e5$adcb0c60$5985c5d1@odie>

On Saturday, August 19, 2000 6:26 AM  Duke Normandin <01031149@3web.net> wrote:


>On Friday, August 18, 2000 2:51 PM Crist J . Clark <cjclark@reflexnet.net> wrote:
>
>
>>On Fri, Aug 18, 2000 at 10:04:57PM +0300, Giorgos Keramidas wrote:
>>> On Thu, Aug 17, 2000 at 10:59:23PM -0700, Crist J . Clark wrote:
>>> > On Thu, Aug 17, 2000 at 12:04:52PM -0400, SILVER, MICHAEL A wrote:
>>> > > I have a situation where my FBSD machine sits behind a hardware firewall and
>>> > > is inaccessible from the outside world.  The problem is, it needs to be
>>> > > accessible.  The HW firewall is set up to pass all traffic to a specific
>>> > > internet IP to the FBSD firewall, but this appears not to be happening, OR
>>> > > the FBSD machine is not responding properly.  I need to find out which is
>>> > > the problem and correct it.  (I don't have access to the HW firewall)
>>> >
>>> > Sniff (tcpdump) the external interface of the FreeBSD machine,
>>> > 10.0.0.20. Try to connect to it from the Internet. Watch the tcpdump
>>> > output and see if the packets are coming in.
>>>
>>> It is quite probable that I miss some subtle point here, but unless I am
>>> a complete fool, this address (10.0.0.20) belongs to the 10.0.0.0/8
>>> block of IP's which most routers in Internet should recognize as a
>>> 'private network' address block and refuse to route from/to.
>>>
>>> I think that using a real IP address to the outside interface of the
>>> FreeBSD firewall is going to solve a lot of the problems at hand.
>>
>>Note the original poster's remark, "...my FBSD machine sits behind a
>>hardware firewall..." It is implicit in his remarks that that firewall
>>machine is doing NAT before traffic from his FreeBSD machine hits the
>>Internet.
>>
>>But you are correct in some sense. If he can get a registered address
>>routed to his FreeBSD box, it would be reachable from the
>>outside. However, if he can get the "hardware firewall" to do
>>redirects, he could do it that way without changing the 10-net
>>address.
>>--
>>Crist J. Clark                           cjclark@alum.mit.com
>
>
>So this thread won't be wasted on me, I need to know what a "hardware
>firewall" is, please. I can take a wild-ass guess ;^), but I've *never* won
>any lotteries either.  As well, the term "dual-homed" was used early in
>the thread -- would you briefly explain that term as well, please. Tia....
>
>-duke


I don't usually reply to myself, but the 1st post I read today (Steve Lewis's
re: To Firewall or not to Firewall....) stated, "....on a single-homed machine
(one NIC)". Happens to me *every* bloody time!! ;^) In the future, I
think I'll save my questions as "drafts" for a few days, and see what pops
up. So "dual-homed" is a box with 2 NICs --- one public and one private.

-duke
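
The tcpdump check suggested in the quoted advice above, automated as an added example (not part of the original thread): it reads `tcpdump -n` text output captured on the FreeBSD machine's own interface and reports whether connection attempts arrive and whether the host answers. The sample lines, the outside address 203.0.113.7 and the result labels are constructed for illustration; the line format assumed is that of current tcpdump releases.

```python
import re

# One TCP line of `tcpdump -n` text output (format of current tcpdump releases).
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def diagnose(capture, host):
    """Classify a capture taken on host's own interface during an outside connection attempt."""
    syn_in, syn_ack, rst = set(), set(), set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ARP, UDP, truncated lines
        flags = m["flags"]
        if m["dst"] == host and flags == "S":
            syn_in.add((m["src"], m["sport"], m["dport"]))
        elif m["src"] == host:
            flow = (m["dst"], m["dport"], m["sport"])  # same key, reversed direction
            if flags == "S.":
                syn_ack.add(flow)
            elif flags.startswith("R"):
                rst.add(flow)
    if not syn_in:
        return "not_forwarded"   # nothing arrives: look at the upstream firewall
    if syn_in & syn_ack:
        return "host_accepts"    # host answers: look at the return path / NAT
    if syn_in & rst:
        return "host_refuses"    # packets arrive, nothing listens on that port
    return "host_silent"         # packets arrive, host drops them (local filter?)

# Constructed sample captures; 203.0.113.7 stands in for the outside client.
SYN = "07:56:09.100 IP 203.0.113.7.51234 > 10.0.0.20.80: Flags [S], seq 1000, win 65535, length 0"
SAMPLES = {
    "not_forwarded": "07:56:08.900 IP 10.0.0.20.40000 > 198.51.100.5.53: Flags [S], seq 1, win 65535, length 0",
    "host_silent": SYN,
    "host_refuses": SYN + "\n07:56:09.101 IP 10.0.0.20.80 > 203.0.113.7.51234: Flags [R.], seq 0, ack 1001, win 0, length 0",
    "host_accepts": SYN + "\n07:56:09.101 IP 10.0.0.20.80 > 203.0.113.7.51234: Flags [S.], seq 5000, ack 1001, win 65535, length 0",
}

if __name__ == "__main__":
    for expected, text in SAMPLES.items():
        print(expected, "->", diagnose(text, "10.0.0.20"))
```
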


