>From: "Gary Ferrer" <[EMAIL PROTECTED]>
>
>Hi all,
>
>I'm not sure how I got here but here it is: I'm unable to access the webserver
>(which happens to be on the same machine as the firewall) from a client on the
>internal private net using the canonical name of the webserver. I can access
>the webserver internally using the local name. So www.myweb&firewall.com is
>not accessible but http://webserver&firewall is. When I ping from a client to
>www.myweb&firewall.com I get the following response:
>

Are you using NAT at all on the network? Can DNS resolve "www.myweb&firewall.com" on your internal network? If yes, is the IP it resolves to routable on your internal network? Running snoop on both the client and the firewall when it's failing - do you see anything unusual? Unanswered ARPs? Unresolved DNS?

>pinging www.myweb&firewall.com [real.ip.number] with 32 bytes of data:
>Request timed out.
>Request timed out.
>100 % packet loss.
>
>So it appears that the client is getting back the correct IP of the server from the DNS but somehow I can't route there or my firewall rules aren't setup correctly. Here they are:
>17 "echo" "*" "*" ALLOW
>
>I haven't been able to find documentation with simple examples of rulesets anywhere so I'm asking you guys. Thanks a lot.

Your rulesets seem fairly open, just be aware that "*" includes localhost (the firewall itself). My initial guess would be that NAT is getting in the way, but I'd need to know a bit more about your NAT configuration, and how you're doing a mapping from www.myweb&firewall.com to http://webserver&firewall.

Valerie
--
[EMAIL PROTECTED]
[EMAIL PROTECTED]
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
