Firewall/Web server difficulties

Norberto Meijome freebsd at
Mon Feb 13 06:21:33 PST 2006

Brian Bobowski wrote:
> All right. I've got my firewall up and running, and my workstation can
> get almost anywhere it needs to just fine.

You don't say if you are using ipfw, ipf, pf...

> I can access it by directly referencing the private-interface IP, but if
> my workstation tries to get to the public-interface IP, nothing happens.
> Can't even ping it. ICMP and port 80 TCP should both be allowed from
> anywhere... but they're not getting through.

(Assuming all your rules are ok...) AFAIK, you can't access the external
interface of a NAT'ed system from the LAN side. Simply use a DNS inside
that resolves the name you try to access to the internal interface
instead of the external. This is a FAQ, I think...

> (So far as I can tell, it's
> not just me who's unable to access these.)

Meaning others in your LAN? Or others in the WAN?

> Does NAT simply not allow for servers to be running on the machine that
> performs it? I know it's not ideal, but I don't have the room to install
> another machine even if that were in my budget. I've set up NAT and IPFW
> per the directions in the handbook, and aside from that one difficulty,
> everything seems to be working.
> Please reply off the list.

CCing the list for the benefit of everyone else :)


