problem with IPF rules - port 80 not accessible

Erik Norgaard norgaard at locolomo.org
Mon Sep 19 08:49:54 PDT 2005


jonas wrote:

> the httpd is not accessible from the internet and i don't understand
> why, i probably made some stupid mistake in the firewall rules... this
> is the first time i'm setting up a firewall from scratch.

Do you at all have access?

> (any errors in it? outbound internet access works fine)

I shall try to dissect your ruleset:

> @1 pass in log quick on ng0 proto tcp from any to 128.176.0.0/16 port = 80 
> @2 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 443 
> @3 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 22 
> @4 pass in log quick on ng0 proto udp from any to 192.168.0.1/32 port = 22 

Do you see anything strange in the first rule compared to the following 
three? You said ssh worked right?

> where rl0 is the LAN interface, rl1 is connected to a DSL-modem, ng0 is
> the tunnel interface mpd creates, 192.168.0.1 is the IP of my
> freebsd gateway and 172.16.0.1 is the IP of the PPTP-server (a cisco
> device i think).

You should make an ascii sketch, it's far easier to understand which 
interface is connected to what and where traffic goes.

Cheers, Erik
-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
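
Added example, not part of Erik's message or the original poster's configuration: a small Python check that makes the comparison asked about above, parsing the four quoted rules and listing those whose destination does not cover the gateway address 192.168.0.1 given in the thread. The regular expression handles only the rule shape quoted here, and the function names are hypothetical.

```python
import ipaddress
import re

# The four rules exactly as quoted in the thread.
RULES = """\
@1 pass in log quick on ng0 proto tcp from any to 128.176.0.0/16 port = 80
@2 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 443
@3 pass in log quick on ng0 proto tcp from any to 192.168.0.1/32 port = 22
@4 pass in log quick on ng0 proto udp from any to 192.168.0.1/32 port = 22
"""

# Gateway address as stated in the thread.
GATEWAY = "192.168.0.1"

# Assumption: matches only "pass in ... on IF proto P from X to DST port = N".
RULE_RE = re.compile(
    r"@(?P<num>\d+)\s+pass in\b.*?\bon (?P<iface>\S+)\s+proto (?P<proto>\S+)\s+"
    r"from \S+ to (?P<dst>\S+)\s+port = (?P<port>\d+)"
)


def parse_rules(text):
    """Return one dict per inbound pass rule found in the listing."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the expected shape
        rules.append({
            "num": int(m.group("num")),
            "iface": m.group("iface"),
            "proto": m.group("proto"),
            "dst": ipaddress.ip_network(m.group("dst"), strict=False),
            "port": int(m.group("port")),
        })
    return rules


def rules_missing_host(rules, host):
    """Rules whose destination network does not contain the given host."""
    addr = ipaddress.ip_address(host)
    return [r for r in rules if addr not in r["dst"]]


if __name__ == "__main__":
    for r in rules_missing_host(parse_rules(RULES), GATEWAY):
        print(f"@{r['num']} {r['proto']}/{r['port']} on {r['iface']}: "
              f"destination {r['dst']} does not include {GATEWAY}")
```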

