Hi folks,
I have 2 firewalls, set up with CentOS 5.2. They are also routers, connected
to 2 upstream routers.
I have some cases where connections from servers to the internet leave my
network via router2 and answers come back via router1. So I added conntrack
tools to both routers/firewalls to synchronize the session tables (using
the ftfw protocol).
That works as expected. If e.g. I ping from an inside server to somewhere
outside, ICMP request leaves via router2, the answer comes back via
router1. conntrack -e on router1 shows this session (as unreplied), BUT the
firewall blocks it as new connection - that means iptables does not
recognize conntrackd's addition to the session table.
Seems that I have a conceptual misunderstanding here - but I do not find
anything that could be wrong. Could somebody please help? I am stuck.
Any hint or help is appreciated.
Dirk
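Added diagnostic example (not from the thread), assuming the two dumps below are constructed stand-ins for `conntrack -L` and `conntrackd -e` output on router1: it parses both and reports, per flow, whether the entry is in the kernel table (the only table iptables state matching consults), only in conntrackd's external cache (peer states received over FTFW are held there until `conntrackd -c` commits them to the kernel), or absent. The flow keys, addresses and flags in the samples are constructed, not taken from the post.

```python
import re

# Constructed sample of `conntrack -L` on router1: the kernel's own table, the only
# one iptables state matching consults. Addresses are from documentation ranges.
KERNEL_TABLE = """\
icmp     1 29 src=10.0.0.5 dst=203.0.113.9 type=8 code=0 id=1234 [UNREPLIED] src=203.0.113.9 dst=10.0.0.5 type=0 code=0 id=1234 mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.7 dst=203.0.113.20 sport=40000 dport=443 src=203.0.113.20 dst=10.0.0.7 sport=443 dport=40000 [ASSURED] mark=0 use=1
"""
# Constructed sample of `conntrackd -e` on router1: the external cache, holding
# states received from router2 over FTFW that are not yet committed to the kernel.
EXTERNAL_CACHE = """\
tcp      6 ESTABLISHED src=10.0.0.8 dst=203.0.113.30 sport=40001 dport=80 src=203.0.113.30 dst=10.0.0.8 sport=80 dport=40001 [ASSURED] [active since 12s]
icmp     1 src=10.0.0.5 dst=203.0.113.9 type=8 code=0 id=1234 src=203.0.113.9 dst=10.0.0.5 type=0 code=0 id=1234 [active since 3s]
"""

def parse_line(line):
    """Return (flow_key, flags) for one dump line, or None if it is not a flow line."""
    m = re.match(r"^(?P<proto>\w+)\s+\d+\s+(?P<rest>.*)$", line)
    if not m:
        return None
    proto, rest = m.group("proto"), m.group("rest")
    first = {}
    for k, v in re.findall(r"(\w+)=(\S+)", rest):
        first.setdefault(k, v)        # first occurrence is the original direction
    if proto in ("tcp", "udp"):
        ident = (first.get("sport"), first.get("dport"))
    else:
        ident = (first.get("id"),)    # ICMP echo identifier
    flags = set(re.findall(r"\b([A-Z_]{3,})\b", rest))   # UNREPLIED, ASSURED, TCP state
    return (proto, first["src"], first["dst"]) + ident, flags

def parse_dump(dump):
    """Map flow key -> flags for every flow line in a conntrack/conntrackd dump."""
    parsed = (parse_line(l) for l in dump.splitlines())
    return {key: flags for key, flags in (p for p in parsed if p)}

def where_is_flow(key, kernel, external):
    """Say what iptables state matching on this router can see for one flow."""
    if key in kernel:
        # a reply-direction packet matching this entry is ESTABLISHED, even if UNREPLIED so far
        return "kernel-unreplied" if "UNREPLIED" in kernel[key] else "kernel-established"
    if key in external:
        return "external-only"        # not in the kernel, so iptables treats packets as NEW
    return "absent"

if __name__ == "__main__":
    kernel, external = parse_dump(KERNEL_TABLE), parse_dump(EXTERNAL_CACHE)
    for key in sorted(set(kernel) | set(external), key=str):
        print(key, "->", where_is_flow(key, kernel, external))
```

With real `conntrack -L` and `conntrackd -e` output in place of the constructed strings, the same logic tells you which table a synced flow actually lives in. Newer conntrack-tools releases also offer `DisableExternalCache On` in the `Sync` section, which injects peer states straight into the kernel for asymmetric-path setups like this one.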
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos