ipfw + natd => some sites won't work :-S
Frank de Bot
freebsd at searchy.nl
Mon May 9 16:09:44 PDT 2005
The ipfw rules standing without any other rules and '65535 allow ip from
any to any' as last rule give the same behaviour. So it's not a
firewall case.
The network layout is posted in my reaction to Emanuel.
Sites I can't access are:
www.tweakers.net
www.fok.nl
www.yahoo.com
www.userfriendly.org
www.thinkgeek.com
Sites i CAN access:
www.google.com
www.gmail.com
www.fastclick.net
fbsd_user wrote:
>
> Seeing snippet of your firewall rules is not giving us enough info
> to work on.
> You have to post complete rule set because of the way rules are
> processed.
>
> Also an explanation of your private network layout and how you
> connect to the internet is needed.
>
> List sites you can not access.
>
>
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Frank de
> Bot
> Sent: Monday, May 09, 2005 6:42 PM
> To: freebsd-questions at freebsd.org
> Subject: ipfw + natd => some sites won't work :-S
>
>
> Hi,
>
> I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites
> like
> Google for instance does work, but many other don't. All other
> protocols
> seems to be working properly. But why are sites failing to do
> anything?
> I got running natd with the verbose option and successfull request
> of
> google is indentical to a random other site :S
> The firewall I use is rather big. the most important piece is:
>
> 01200 723 652298 divert 8668 ip from any to 82.94.238.70 via
> fxp0
> 01200 521 85279 divert 8668 ip from 10.0.5.0/24 to any
> 01200 0 0 allow ip from any to 10.0.5.0/24
> 01201 524 85399 allow ip from 82.94.238.70 to any
> 01201 3 144 allow ip from any to 82.94.238.70
> 01500 871494 216106437 allow tcp from any to any established
>
>
> /etc/natd.conf is:
>
> alias_address %external_ip%
> verbose
>
>
> It just puzzles me why only some http request would fail and
> everything
> works fine!
> Anyone got any idea?
>
>
> Thanks in advanced,
>
> Frank de Bot
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list