RE: identical scripts, 2 boxes, different behavior - what else should i look for?!

Check the gateway on the internal machine you're trying to forward to.

Internal box A will only talk through 1 firewall at a time, or correct me if
I'm wrong.

Firewall1             ,        firewall 2
   .
  /|\
   |

Box A  
Gateway is 
firewall 1

Incoming packet to internal box A through firewall 2 will not work because
box A tries to respond through firewall 1, not firewall 2.

Or did I completely misunderstand the question?

-=Ray
+-----------------------------------------------------------+
|                         | Ray Anderson                    |
|           |             | Systems Development Manager     |
|           |             | 916.788.2444 (Office)           |
|          (O)            | 916.798.9439 (Mobile)           |
|X--------<_._>--------X  | PRIDE Industries                |
|         (___)           | rsa at prideindustries.com      |
|                         | http://www.prideindustries.com  |
+-----------------------------------------------------------+
It's the little things that cost you victories.
Group Captain Reade Tilley, RAF


> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx 
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of arif
> Sent: Tuesday, March 16, 2004 11:11 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: identical scripts, 2 boxes, different behavior - 
> what else should i look for?!
> 
> 
> OK, after being super frustrated trying to figure out
> why I can't forward ports properly, I decided to just
> take the script we currently are using on the soon to
> be old firewall, and load it onto the new one. It
> loaded fine, but I get different behavior with the two
> machines! I compared the rules line by line using
> iptables -L, and they're identical. But I do not get
> forwarded to the internal hosts like I should, when I
> try with the new machine! The routing tables are
> identical also, and they both have the same kernel
> modules loaded... the original is a 2.4.20 precompiled
> redhat kernel, and the new one is 2.4.25 that I
> compiled myself - could it be something I am missing
> in the kernel?? Or is there something else I should
> check? I have /proc/sys/net/ipv4/ip_forward set to 1
> of course.. I don't know what else to look for!!!
> HELP!!! :)
> 
> 
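
The gateway check suggested in the reply above, as an added example that is not part of the original thread: it reads `route -n` output taken on the internal host and reports whether replies would leave through the firewall that forwarded the connection. The function names, the sample routing table and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `route -n` output as it might look on internal Box A.
# All addresses are made up for this example.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'

# Print the default gateway found in `route -n` text read from stdin.
# The default route has destination and genmask 0.0.0.0 and the G flag set.
default_gw() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# check_return_path FIREWALL_INTERNAL_IP   (routing table on stdin)
# Returns 0 if replies go back through that firewall,
#         1 if they leave through a different gateway (asymmetric path),
#         2 if the host has no default route at all.
check_return_path() {
    fw_ip=$1
    gw=$(default_gw)
    if [ -z "$gw" ]; then
        echo "no default route: replies to off-subnet clients go nowhere"
        return 2
    fi
    if [ "$gw" = "$fw_ip" ]; then
        echo "ok: replies return through $fw_ip"
        return 0
    fi
    echo "asymmetric: forwarded in via $fw_ip, replies leave via $gw"
    return 1
}

# Demo against the constructed table. On a live host, run instead:
#   route -n | check_return_path <internal IP of the firewall doing the forward>
printf '%s\n' "$SAMPLE_ROUTES" | check_return_path 192.168.1.1 || true  # old firewall
printf '%s\n' "$SAMPLE_ROUTES" | check_return_path 192.168.1.2 || true  # new firewall
```

Run it on the internal host being forwarded to, not on the firewall: identical rules and routing tables on the two firewalls say nothing about which one the internal host sends its replies to.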



