On Sep 22, 2008, at 4:46 AM, Jason Dixon wrote:

On Mon, Sep 22, 2008 at 02:25:01AM -0700, Parvinder Bhasin wrote:
On Sep 22, 2008, at 1:14 AM, Stuart Henderson wrote:

On 2008-09-22, Parvinder Bhasin <[EMAIL PROTECTED]> wrote:
I have users that can access the website fine (75.44.229.18) and some
users who complain they can't access it.

Include the dmesg so we can see what OS version you're running.
Set pfctl -x misc and watch /var/log/messages, include any output
from around the time of a failed connection. Include the relevant
state table entries from pfctl -vss.

Here is the output from pfctl -vss, with the host (75.18.177.36) trying
to access the website:

Please do that again, but grep only the relevant bits. I'm not going to
sift through all the noise.

$ sudo pfctl -ss | grep 75.18.177.36

I'm pretty sure your outbound nat needs to be moved *after* your rdr's.
I think the inbound traffic is having the src_addr translated to your
firewall's ($ext_if).

Jason,

Here it is without the noise.

# pfctl -ss | grep 75.18.177.36
all tcp 172.16.10.11:80 <- 75.44.229.18:80 <- 75.18.177.36:1056 SYN_SENT:ESTABLISHED
all tcp 75.18.177.36:1056 -> 172.16.10.11:80       ESTABLISHED:SYN_SENT
# pfctl -ss | grep 75.18.177.36
all tcp 172.16.10.11:80 <- 75.44.229.18:80 <- 75.18.177.36:1056 SYN_SENT:ESTABLISHED
all tcp 75.18.177.36:1056 -> 172.16.10.11:80       ESTABLISHED:SYN_SENT
#


-Parvinder Bhasin




--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
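
Added example, not part of the original thread: a shell filter for the check requested above. It reads `pfctl -ss` output and lists TCP states involving one host whose two sides are not both ESTABLISHED, marking whether the entry carries a translated (three-address) form. The names `pf_stuck` and `sample_states` are hypothetical; the first two sample lines are the ones posted above, the last two are constructed, and only IPv4 `addr:port` fields are handled.

```shell
#!/bin/sh
# Usage on the firewall:  pfctl -ss | pf_stuck 75.18.177.36

# pf_stuck HOST: print "<dir> translated=<yes|no> <state pair>" for every
# TCP state that involves HOST and is not ESTABLISHED:ESTABLISHED.
# This also reports connections that are closing, not only stalled handshakes.
pf_stuck() {
    awk -v host="$1" '
    $2 == "tcp" && NF >= 6 {
        n = 0; hit = 0; dir = ""
        for (i = 3; i < NF; i++) {
            if ($i == "<-" || $i == "->") {
                # first arrow gives the direction pf recorded for the state
                if (dir == "") dir = ($i == "<-") ? "in" : "out"
                continue
            }
            addr = $i
            sub(/:[0-9]+$/, "", addr)      # drop the port
            if (addr == host) hit = 1
            n++                            # count address fields
        }
        if (!hit || $NF == "ESTABLISHED:ESTABLISHED") next
        # three addresses means a translation (rdr/nat) is part of the state
        printf "%s translated=%s %s\n", dir, (n == 3 ? "yes" : "no"), $NF
    }'
}

# Sample input: lines 1-2 are from the thread, lines 3-4 are constructed.
sample_states() {
    cat <<'EOF'
all tcp 172.16.10.11:80 <- 75.44.229.18:80 <- 75.18.177.36:1056 SYN_SENT:ESTABLISHED
all tcp 75.18.177.36:1056 -> 172.16.10.11:80       ESTABLISHED:SYN_SENT
all tcp 172.16.10.11:80 <- 75.44.229.18:80 <- 75.18.177.36:1060 ESTABLISHED:ESTABLISHED
all tcp 172.16.10.11:80 <- 75.44.229.18:80 <- 192.0.2.10:40000 SYN_SENT:ESTABLISHED
EOF
}
```

Running `sample_states | pf_stuck 75.18.177.36` prints only the two entries from the thread, since the constructed fully established state and the state for the other host are filtered out.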
