mime contents thru ipfw

Hugo Osorio osorio.hugo at gmail.com
Fri Sep 23 09:00:06 PDT 2005


Thanks,

Our LAN (172.24.33.0) goes to the internet through two proxies. The new proxy,
which is the one I am trying to set up, is in another network.
We have set routes to that LAN (172.25.1.0).

- Is it inappropriate to put these addresses here? I hope not :s

In order to be protected, we have set a firewall in this way:

LAN(172.24.33.0) --> SWITCH --> fw --> Router(172.25.19.X) --> proxy(172.25.1.5)

I have the other conf (using another proxy, another network) without the
string 'http://' and it works, and transfers everything.
And besides, using the new proxy, without the 'http://' string, it shows
bytes activity in 'ipfw show', I mean I can enter sites.

For using "open firewall ruleset" do you have any basic document?

Another hint or help will be appreciated, thank you.


2005/9/22, Chuck Swiger <cswiger at mac.com>:
>
> Hugo Osorio wrote:
> > While I am navigating, after trying to load a file for attachment, in
> > squirrelmail, it says:
> > 'documents contains no data'
> >
> > After entering the hotmail service, I cannot access the page of my
> > messages...
> > it takes forever.. and nothing shows up..
> > address like this:
> >
> > https://loginnet.passport.com/ppsecure/post.srf?id=2&svc=mail&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=58378&_lang=ES&bk=1127405014
> >
> > I cannot make attachments, it does not transfer files when attaching
> >
> > Does this have something to do with SSL, TLS or PCT?
> >
> > this is my conf (i have set routes, and they are fine, i think):
> > 04300 471 29586 allow udp from 172.24.33.0/24 <http://172.24.33.0/24> <
> http://172.24.33.0/24> to
> > 172.25.1.5 <http://172.25.1.5> <http://172.25.1.5> 53 keep-state via vr0
> > 04500 54 3058 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24> <
> http://172.24.33.0/24> to
> > 172.25.1.8 <http://172.25.1.8> <http://172.25.1.8> 20,21 keep-state via
> vr0
> > 04600 1200 615333 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24><
> http://172.24.33.0/24> to
> > 172.25.1.5 <http://172.25.1.5> <http://172.25.1.5> 80,139,443,445
> keep-state via vr0
>
> Those can't possibly be your actual IPFW rulesets-- the "http://" strings in
> the middle don't exist in the output from "ipfw -a l".
>
> It's unclear whether you are working on a client machine or box intended as a
> firewall. It's likely that you should start with the "open" firewall ruleset,
> and experiment from there, confirming that FTP access via the proxy works
> properly, HTTPS access, etc.
>
> If you still have problems without any firewall rules in place, those will need
> to be resolved before you have any realistic chance of getting a working IPFW
> ruleset going.
>
> It might also be the case that hanging trying to do FTP data means a PMTU
> problem, see whether "ifconfig vr0 mtu 1400" helps.
>
> --
> -Chuck
>
>
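
Added example, not part of either message: a small Python helper that undoes the mail-client damage in the rule listing quoted above (quote markers, line wrapping, and the inserted "<http://...>" auto-links) so the counters and rule text can be read as `ipfw show` printed them. The function names `recover_rules` and `rules_for_port` are hypothetical, and the input is the rule text copied from this thread.

```python
import re

# Rule text copied from the quoted message in this thread, mail-client damage included.
PASTED = """\
> > 04300 471 29586 allow udp from 172.24.33.0/24 <http://172.24.33.0/24> <
> http://172.24.33.0/24> to
> > 172.25.1.5 <http://172.25.1.5> <http://172.25.1.5> 53 keep-state via vr0
> > 04500 54 3058 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24> <
> http://172.24.33.0/24> to
> > 172.25.1.8 <http://172.25.1.8> <http://172.25.1.8> 20,21 keep-state via
> vr0
> > 04600 1200 615333 allow tcp from 172.24.33.0/24 <http://172.24.33.0/24><
> http://172.24.33.0/24> to
> > 172.25.1.5 <http://172.25.1.5> <http://172.25.1.5> 80,139,443,445
> keep-state via vr0
"""

# "<http://172.25.1.5>" style links added by the mail client, possibly split by a wrap.
AUTOLINK = re.compile(r"<\s*https?://[^>]*>")
# One listing entry: 5-digit rule number, packet count, byte count, rule body.
RULE = re.compile(r"\b(\d{5})\s+(\d+)\s+(\d+)\s+(.*?)(?=\s+\d{5}\s+\d+\s+\d+\s|$)")

def recover_rules(pasted):
    """Return [(number, packets, bytes, rule_text)] from quoted, auto-linked text."""
    # Drop the '>' quote markers, then undo the line wrapping.
    lines = [re.sub(r"^(?:>\s?)+", "", ln) for ln in pasted.splitlines()]
    text = AUTOLINK.sub(" ", " ".join(lines))
    text = re.sub(r"\s+", " ", text).strip()
    return [(m.group(1), int(m.group(2)), int(m.group(3)), m.group(4))
            for m in RULE.finditer(text)]

def rules_for_port(rules, port):
    """Rule numbers whose destination port list contains `port`."""
    hits = []
    for number, _pkts, _bytes, body in rules:
        tokens = body.split()
        i = tokens.index("to") if "to" in tokens else len(tokens)
        ports = tokens[i + 2] if len(tokens) > i + 2 else ""
        if re.fullmatch(r"\d+(,\d+)*", ports) and str(port) in ports.split(","):
            hits.append(number)
    return hits

if __name__ == "__main__":
    rules = recover_rules(PASTED)
    for number, pkts, nbytes, body in rules:
        print(number, pkts, nbytes, body)
    print("443 allowed by:", rules_for_port(rules, 443))
```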


More information about the freebsd-ipfw mailing list