ipfw + natd => some sites won't work :-S

fbsd_user fbsd_user at a1poweruser.com
Mon May 9 15:58:10 PDT 2005



Seeing a snippet of your firewall rules is not giving us enough info
to work on.
You have to post the complete rule set because of the way rules are
processed.

Also an explanation of your private network layout and how you
connect to the internet is needed.

List the sites you cannot access.


-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Frank de Bot
Sent: Monday, May 09, 2005 6:42 PM
To: freebsd-questions at freebsd.org
Subject: ipfw + natd => some sites won't work :-S


Hi,

I got my FreeBSD set up to do NAT, but it doesn't work 100%. Sites
like Google, for instance, do work, but many others don't. All other
protocols seem to be working properly. But why are sites failing to do
anything?
I got natd running with the verbose option, and a successful request
to Google is identical to a random other site :S
The firewall I use is rather big. The most important piece is:

01200     723    652298 divert 8668 ip from any to 82.94.238.70 via fxp0
01200     521     85279 divert 8668 ip from 10.0.5.0/24 to any
01200       0         0 allow ip from any to 10.0.5.0/24
01201     524     85399 allow ip from 82.94.238.70 to any
01201       3       144 allow ip from any to 82.94.238.70
01500  871494 216106437 allow tcp from any to any established


/etc/natd.conf is:

alias_address %external_ip%
verbose


It just puzzles me why only some HTTP requests would fail and
everything works fine!
Anyone got any idea?


Thanks in advance,

Frank de Bot