Subject: Re: Serious trouble with IPF
To: None <arto.huusko@utu.fi>
From: Jon Lindgren <jlindgren@slk.com>
List: netbsd-help
Date: 03/08/2001 07:49:05
On Thu, 8 Mar 2001, Arto Huusko wrote:
[big snip]
> was perfect - no trouble at all. Well, from the firewall I did
>
> ping -n <an IP number>
>
> that worked immediately. I issued "ipf -Fa" after which pinging
> (and other connections) by name started working magically
> from the firewall. I reloaded my ruleset with "ipf -f <ruleset name>":
> and the same functionality continued: behind firewall, OK;
> inside firewall, not OK.
1) Do you use NAT at all? If so, is there anything strange in the NAT
configuration?
2) Do you run a DNS server on or behind the machine which is
firewalling? If so, you may need to open tcp and udp port 53 to let DNS
queries come in; although, why your clients behind the firewalls work is
a mystery.
3) tcpdump? That can be helpful, seeing what's going on. Of course,
it'd be best if you had a friend trying to ssh in.
4) Perhaps someone else will see something that we've all so far missed
;-)
Hope this helps,
-
Jon
--------------------------------------------------------------------
- The opinions expressed are not necessarily those of my employer.
"I wonder how many people actually read my .sig?"