gateway can't see thru to "local" side

# 1  
Old 08-19-2009
gateway can't see thru to "local" side

I have a new FreeBSD 7 web server that connects just fine from the INTERNET side. I'd like to be able to keep that connectivity and then have "authorized" users able to access and be served documents from the INTRANET side. My firewall works so well that when I connect from the INTERNET side, I can't "reach-thru" to the INTRANET side. I'm new to this part of FreeBSD and can use some help. I installed after much reading but still don't know if I am able to do this ...

My config looks like this...

........................... FreeBsd System ........................
Internet <---1---> Card re0 | card em0 <---2--> INTRANET

#1 connects from INTERNET - does not see #2 from hard-coded link

#2 connects and sees #1 and #2

Thanks in advance for any assistance...
# 2  
Old 08-19-2009
Does each server have only 1 NIC (as it seems from your schema)? If so, at least server 1 requires 2 NICs in order to provide internet access to intranet users.
The first NIC connects the server to the internet and the second NIC connects it to the intranet.

Last edited by Leppie; 08-20-2009 at 12:04 AM..
# 3  
Old 08-20-2009
Originally Posted by Leppie:
Does each server have only 1 NIC (as it seems from your schema)? If so, at least server 1 requires 2 NICs in order to provide internet access to intranet users.
The first NIC connects the server to the internet and the second NIC connects it to the intranet.

One server ... 2 NICs. 1 NIC with outside address (web site works... users will be validated before being allowed into the inside...)

The other NIC with inside address (10.10.10.xx)... not complicated ... just haven't been able to make it work ...
# 4  
Old 09-14-2009
If I understand what you're trying to do, you have internet on your outside NIC, and when it receives traffic destined for 10.10.xx it doesn't pass? If that's the case, it shouldn't. You will need to set up natd to monitor incoming connections and have a static NAT set up in order for outside public IP traffic to route to the internal NIC. If you monitor the traffic on the 10.10.xx NIC with tcpdump, I'm pretty sure that you'll see the traffic coming in and out; however, anything not local on the outside NIC will get /dev/null'd at your outbound router since the 10.10.10 can't route outside of your network.

If I'm completely wrong here, and your firewall is active on that system and running ipfw, add a rule of

    ipfw add ### allow ip from any to 10.10.10.xx/xx any

and a return rule of

    ipfw add ### allow ip from 10.10.10.xx/xx any to any

to correct it.
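
As an added example (not part of the thread and not any poster's own configuration), the script below prints, without applying anything, a natd static mapping plus ipfw rules scoped to a single published service rather than the whole inside network. The inside host 10.10.10.20, ports 80 and 8080, and the rule numbers are constructed values; re0 is the outside interface named in the first post.

```shell
#!/bin/sh
# Added example: emits config text for review only; it changes nothing.
# All addresses, ports and rule numbers are constructed sample values.

# is_private ADDR -> 0 if ADDR starts with an RFC 1918 prefix (pattern check only)
is_private() {
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# is_port N -> 0 if N is a decimal integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_gateway EXT_IF INSIDE_HOST INSIDE_PORT PUBLIC_PORT
# Refuses a non-private inside host or an out-of-range port.
gen_gateway() {
    ext_if=$1 host=$2 in_port=$3 pub_port=$4
    is_private "$host" || { echo "error: $host is not RFC 1918" >&2; return 1; }
    is_port "$in_port" && is_port "$pub_port" || { echo "error: bad port" >&2; return 1; }
    cat <<EOF
# /etc/rc.conf
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="${ext_if}"
natd_flags="-f /etc/natd.conf"
# /etc/natd.conf: static mapping, public port -> one inside service
redirect_port tcp ${host}:${in_port} ${pub_port}
# ipfw: hand outside-interface traffic to natd, then allow only that service
ipfw add 500 divert natd ip from any to any via ${ext_if}
ipfw add 600 allow tcp from any to ${host} ${in_port}
ipfw add 610 allow tcp from ${host} ${in_port} to any
# replies leave ${ext_if} after natd has rewritten the source to the gateway
ipfw add 620 allow tcp from me ${pub_port} to any out via ${ext_if}
EOF
}

gen_gateway re0 10.10.10.20 80 8080
```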