On Sun, Mar 23, 2003 at 04:09:42PM -0700, Wayne Freeman wrote: > Can anyone see anything wrong that would cause this not to work?
Follow the TCP SYN packet. You already saw it arrive at the external interface of the firewall. Does it get forwarded out on the internal interface (tcpdump there)? Does it arrive at the webserver (tcpdump there)? Does the webserver send out a SYN+ACK (tcpdump)? Does the SYN+ACK arrive back at the firewall's internal interface (tcpdump)? Does it get translated back and forwarded out through the external interface (not according to your description)? One common problem is that the webserver is not configured to use the firewall as default gateway, and is not sending its replies through there.. Daniel
