Re: IPFW and HTTPS problem
On Aug 25, 2007, at 4:15 PM, Narek Gharibyan wrote:

> I enabled https for my webmail. It works for LAN client but doesn't work for
> Internet clients. I checked with tcpdump ipfw filters the incoming https
> packets unless the rule

tcpdump is the hard way.

    # ipfw zero

try the webmail.

    # ipfw -a list

Examine the above list for rules that have been hit since zero. Your answer lies among the rules which have been hit.

You might add "ipfw add 65000 deny log ip from any to any" and see what shows in /var/log/security for more details. If you see hits on a rule but don't understand why, add "log" to it. Probably best to duplicate that rule with a lower number so the "log" version is used first. And easy to remove the logging version later without touching the original.

--
David Kelly N4HHE, [EMAIL PROTECTED]
Whom computers would destroy, they must first drive mad.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: IPFW and HTTPS problem
[Any reason you posted to the same list twice?]

In response to "Narek Gharibyan" <[EMAIL PROTECTED]>:

> I enabled https for my webmail. It works for LAN client but doesn't work for
> Internet clients. I checked with tcpdump ipfw filters the incoming https
> packets unless the rule
>
> ipfw add allow tcp from any to ${webmail} 443
> ipfw add allow tcp from ${webmail} 443 to any
>
> Even I tried
>
> ipfw add allow all from any to ${webmail} keep-state
> ipfw add allow all from ${webmail} to any keep-state
>
> Nothing helps.
>
> Any comments?

Yes. Please provide your entire ruleset. It's impossible to assist in debugging a ruleset with only a partial ruleset. Do not trim or edit the ruleset, as you may trim away the part that is causing the problem.

On your own, the output of 'ipfw show' can be useful for determining which rules are blocking traffic, as it shows counters of how many packets have matched each rule.

--
Bill Moran
http://www.potentialtech.com
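
The counter check both replies describe (`ipfw zero`, retry the connection, then read `ipfw -a list` or `ipfw show`), as an added example that is not part of the original thread. The sample counter output is constructed, 192.0.2.10 is a placeholder for the webmail host, the function names are hypothetical, and the parsing assumes each line reads rule number, packet count, byte count, rule body with the action as the first word of the body.

```sh
#!/bin/sh
# Added example: read ipfw counters to see which rules matched traffic.

# Constructed sample of `ipfw -a list` output taken after `ipfw zero`
# and one failed HTTPS attempt from outside (not from the thread).
sample_counters() {
cat <<'EOF'
00100    0     0 allow ip from any to any via lo0
00200   14  1120 allow tcp from any to 192.0.2.10 dst-port 80
00250    6   360 deny tcp from any to any in via em0 setup
00300    0     0 allow tcp from any to 192.0.2.10 dst-port 443
65535    3   180 deny ip from any to any
EOF
}

# Rules whose packet counter is non-zero since the last `ipfw zero`.
hit_rules() {
    awk '$2 ~ /^[0-9]+$/ && $2 > 0'
}

# Of the rules that were hit, those whose action drops traffic.
# Prints: rule number, packet count, action.
blocking_rules() {
    hit_rules | awk '$4 ~ /^(deny|drop|reject|reset|unreach)$/ { print $1, $2, $4 }'
}

# Allow rules ending in the given port that were never hit: the traffic
# was matched by an earlier rule, or never reached the firewall.
unused_allows() {
    awk -v port="$1" '$2 == 0 && $4 == "allow" && $NF == port { print $1 }'
}

echo "Blocking rules that were hit:"
sample_counters | blocking_rules
echo "Allow rules for port 443 with zero hits:"
sample_counters | unused_allows 443

# On a live FreeBSD host, as root, the same functions read real counters:
#   ipfw zero; (retry the webmail from outside); ipfw -a list | blocking_rules
```

In the constructed sample the allow rule for port 443 shows zero hits while an earlier deny rule was matched, which is the kind of pattern the counters are meant to expose.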