Board index Freebsd

IPFW funnies?

IPFW funnies?

Post by Jim Hatfiel » Thu, 16 May 2002 23:07:49



I have a box doing IPFW and NAT between an external network
of 195.74.141.0/26 and internal of 172.16/16. It also supports
transparent Web proxying. I have the following two lines in
the IPFW config:

allow ip from any to 195.74.141.0/26 out
fwd 195.74.141.2 tcp from 172.16.0.0/16 to any 80 out

I set up a new Web server on the external network
and tried to connect to its port 80 from inside,
and got a failure back from the proxy (which had
a mistake in its DNS configuration).

I would have thought that the first of the two rules
would have caused the proxy to be bypassed completely,
so how come I get a response from it?
--
Jim Hatfield

 
 
 
Top

IPFW funnies?

Post by Eric F Cris » Fri, 17 May 2002 00:59:40


Can you show us your entire ruleset for ipfw?

--
Eric F Crist
President/Sys Admin
AdTech Integrated Systems, Inc.
http://www.adtechintegrated.com


Quote:> I have a box doing IPFW and NAT between an external network
> of 195.74.141.0/26 and internal of 172.16/16. It also supports
> transparent Web proxying. I have the following two lines in
> the IPFW config:

> allow ip from any to 195.74.141.0/26 out
> fwd 195.74.141.2 tcp from 172.16.0.0/16 to any 80 out

> I set up a new Web server on the external network
> and tried to connect to its port 80 from inside,
> and got a failure back from the proxy (which had
> a mistake in its DNS configuration).

> I would have thought that the first of the two rules
> would have caused the proxy to be bypassed completely,
> so how come I get a response from it?
> --
> Jim Hatfield


 
 
 
Top

IPFW funnies?

Post by Jim Hatfiel » Fri, 17 May 2002 02:36:11


On Wed, 15 May 2002 10:59:40 -0500, "Eric F Crist"


>Can you show us your entire ruleset for ipfw?

Urk, my mistake. The DNS problem was that a name
was mapped to an address with a typo so it *wasn't*
being picked up by first rule. Should have realised.

--
Jim Hatfield

 
 
 
Top

1. funny FUNNY MS story

Your going to love this.  Today I found both Bill Gates and Paul Allen's
social security numbers : ) God, I don't know why this kind of
information keeps coming to me.  I'm not looking. I'm not allowed to call
up Microsoft or send e-mail over there.  So I put them up on my web
hoping someone at Microsoft might see them--like Bill Gates and Paul
Allen.

<h2>Bill Gates' Social Security Number: <B> 539-60-5125  </B>
<BR>
Paul G. Allen's Social Security Number:  <B> 536-58-3118  </B>
</h2>

Of course they have me censored because I use to send stuff like this
directly to Bill.  It's so much better to post things publicly on the
internet than to send private e-mail.  Gates should fire the whole lot of
them for being so stupid.

--------------------------------------------------------------------

You're the Apple of my IBM. I'd Love to take a byte.
You really make my disk hard. Shall we go online tonight?
                    _         _
                .-~" "~-._.-~" "~-.
              __ ... . -^-- ,- -- - - -^ ,._   .
     _. - ~`v .                     '  ( `,  `,=')---.-.
   '           `.                 .'   `\'   ;."~-._` )`)
   `.            `._           _.'           {      )'~-,
                    `-.     .-'               `-  /'( >~
                       `. .'                    `(_.-'
                         v

Redmond Rose~ http://www.nwlink.com/~rosarium/

J~

2. Using ndbm to store records or more than 2 fields?

3. Funny, funny, good free Quotes of the day.

4. Red Hat's Metro-X.

5. typeset -f gives funny output when executed from Korn shell script

6. Math.h Problem !

7. Something funny

8. file system question

9. How to delete funny file(name)

10. Mounting CD-ROM has funny error

11. funny change directory, look

12. Funny X problem

13. A funny thing happened


All times are UTC
Board index