ipfw + natd => some sites won't work :-S

Frank de Bot freebsd at searchy.nl
Mon May 9 16:09:44 PDT 2005


The ipfw rules standing without any other rules, and with '65535 allow ip from 
any to any' as the last rule, give the same behaviour. So it's not a 
firewall case.

The network layout is posted in my reaction to Emanuel.

Sites I can't access are:

www.tweakers.net
www.fok.nl
www.yahoo.com
www.userfriendly.org
www.thinkgeek.com

Sites I CAN access:

www.google.com
www.gmail.com
www.fastclick.net




fbsd_user wrote:
> 
> Seeing a snippet of your firewall rules is not giving us enough info
> to work on.
> You have to post the complete rule set because of the way rules are
> processed.
> 
> Also an explanation of your private network layout and how you
> connect to the internet is needed.
> 
> List sites you can not access.
> 
> 
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Frank de
> Bot
> Sent: Monday, May 09, 2005 6:42 PM
> To: freebsd-questions at freebsd.org
> Subject: ipfw + natd => some sites won't work :-S
> 
> 
> Hi,
> 
> I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites
> like Google, for instance, do work, but many others don't. All other
> protocols seem to be working properly. But why are sites failing to do
> anything?
> I got natd running with the verbose option and a successful request
> of Google is identical to a random other site :S
> The firewall I use is rather big. The most important piece is:
> 
> 01200     723    652298 divert 8668 ip from any to 82.94.238.70 via fxp0
> 01200     521     85279 divert 8668 ip from 10.0.5.0/24 to any
> 01200       0         0 allow ip from any to 10.0.5.0/24
> 01201     524     85399 allow ip from 82.94.238.70 to any
> 01201       3       144 allow ip from any to 82.94.238.70
> 01500  871494 216106437 allow tcp from any to any established
> 
> 
> /etc/natd.conf is:
> 
> alias_address %external_ip%
> verbose
> 
> 
> It just puzzles me why only some http requests would fail and
> everything works fine!
> Anyone got any idea?
> 
> 
> Thanks in advance,
> 
> Frank de Bot
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> 
> 


