Quoting Darley Ware <[EMAIL PROTECTED]>:

> 1. I have a webserver on the internal LAN which listens on port 8000. I can
> view the webserver internally by IP and by name (using LMHOST records). I
> have not however been able to access the internal webserver from the
> outside. I saw a post the weekend about name based virtualhosting on web
> servers. This does not seem to apply to me as I have the server setup to
> respond to IP and have no virtualdomains configured. So I guess my question
> is do I have my redirect setup correctly, and if so where lies the problem?

No, you're blocking the redirected request. Redirection happens before the
evaluation of pass/block rules. So

> rdr on dc0 proto tcp from any to (dc0) port 8000 -> 192.168.XX.71 port 8000

redirects the request to 192.168.xx.71:8000 on dc0, and

> block in log all
> pass in quick on $if_ext proto tcp from any to $if_ext/24 port = 8000

does not let it pass, because the destination for the request is not $if_ext
but 192.168.XX.71. So if you change it to

> pass in quick on $if_ext proto tcp from any to 192.168.XX.71 port = 8000
> keep state

it should work.

> 2. (and this one really is not that important) I can not seem to get a
> response to ICMP to outside addresses. I can ping both directions from the
> firewall and I believe my pings are getting out, but the responses do not
> return to the internal clients.

If I understand you correctly, pinging works from the firewall in all
directions (inwards and outwards), but not from internal clients to servers
outside the firewall. Add

> pass in on $if_int inet proto icmp all icmp-type 8 code 0 keep state

to your rules for your internal interface, and all should be fine. You're
blocking the pings on your internal interface, if I'm not mistaken.

> Thanks,
>
> Darley

Hope to have helped,
Clemens
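
The ordering described in the reply above (rdr translation first, then pass/block evaluation against the rewritten destination), modelled as an added example that is not part of the original message. The addresses 203.0.113.10 and 192.168.0.71 are constructed stand-ins for the external interface address and for 192.168.XX.71, and all function and variable names are hypothetical.

```python
import ipaddress

# Constructed addresses: EXT_IP stands in for the address on dc0 / $if_ext,
# WEB_IP for the internal web server the thread writes as 192.168.XX.71.
EXT_IP = "203.0.113.10"
WEB_IP = "192.168.0.71"

RDR = [{"to": EXT_IP, "port": 8000, "new_to": WEB_IP, "new_port": 8000}]

def translate(pkt):
    """Step 1: apply the first matching rdr rule, rewriting the destination."""
    for r in RDR:
        if pkt["dst"] == r["to"] and pkt["dport"] == r["port"]:
            return {**pkt, "dst": r["new_to"], "dport": r["new_port"]}
    return pkt

def filter_in(pkt, rules):
    """Step 2: last matching rule wins; a 'quick' match ends evaluation."""
    action = "pass"  # assumption of this model: no matching rule means pass
    for r in rules:
        net = ipaddress.ip_network(r.get("to", "0.0.0.0/0"))
        if ipaddress.ip_address(pkt["dst"]) not in net:
            continue
        if "port" in r and pkt["dport"] != r["port"]:
            continue
        action = r["action"]
        if r.get("quick"):
            break
    return action

def evaluate(pkt, rules):
    """Inbound path on the external interface: translate, then filter."""
    return filter_in(translate(pkt), rules)

BLOCK_ALL = {"action": "block"}  # block in log all
# Original pass rule: destination is the external interface's /24.
ORIGINAL = [BLOCK_ALL, {"action": "pass", "quick": True,
                        "to": "203.0.113.0/24", "port": 8000}]
# Corrected pass rule: destination is the redirect target.
CORRECTED = [BLOCK_ALL, {"action": "pass", "quick": True,
                         "to": WEB_IP + "/32", "port": 8000}]

REQUEST = {"dst": EXT_IP, "dport": 8000}  # constructed inbound connection

if __name__ == "__main__":
    print("original :", evaluate(REQUEST, ORIGINAL))
    print("corrected:", evaluate(REQUEST, CORRECTED))
```

Calling `filter_in` on the untranslated request shows that the original rule would only have matched if filtering ran before the redirect.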
