OMG, sorry. The intended setup was

fw eth0: 10.254.254.1, PUB_IP_INCOMING, PUB_IP_OUTGOING

I have used 1 public IP for incoming connections and 1 IP to "masquerade" outgoing ones. I don't know if it is necessary to bind a public IP to some NIC in order to let netfilter NAT work properly.

Anyway, there is a little progress in the analysis. Starting an ssh session from a Linux box on the internal network, I can see with tcpdump a certain amount of packets flowing along the path from the Linux box, the firewall, up to the ssh server. Then the packet flow stops for 10-20 seconds until the final exchange takes place and I have the shell prompt. It seems like some packets start going round and round before arriving at the destination. In fact, if I do several "ls -l", the connection hangs again.

The strange thing is that there is no way to set up a connection if the client is PuTTY on a Windows client.

Guido

On Tue, Jan 31, 2012 at 6:37 PM, Andrew Beverley <andy@xxxxxxxxxxx> wrote:
> On Sat, 2012-01-28 at 09:39 +0100, Guido Anzuoni wrote:
> ...
>> fw default gateway: 10.254.254.2
>> fw eth0: 10.254.254.1, PUB_IP_OUTGOING, PUB_IP_OUTGOING
> ...
>> My doubt is about eth0 configuration where I bind multiple addresses,
>> an internal one and all the public assigned by the ISP.
>> Is it a correct setup?
>
> Unless I'm misunderstanding something, this does seem like a strange set
> up. Why not just have the one IP address on eth0? Do the Cisco routers
> also have an external IP address? Are these 2 completely independent WAN
> links? If so, how is traffic shared between them?
>
> Sorry for all the questions, but I'm not entirely understanding your set
> up and what you are trying to achieve.
>
> Andy
>
>

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
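The symptom Guido describes above (packets seen "going round and round" in tcpdump before the SSH handshake completes) has a recognisable signature in a capture: the same IP datagram, identified by its source, destination, ports and IP id, reappears on the same interface with a TTL that drops by one on every pass. The following is an added example, not code from the thread: a small parser for simplified single-line tcpdump -nn -v style output that groups packets by that key and reports groups whose TTL strictly decreases. The capture lines, addresses (10.0.0.10 as the internal client, 203.0.113.5 as the ssh server) and the one-packet-per-line layout are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed, simplified capture (fields follow tcpdump -nn -v naming: ttl, id,
# src.port > dst.port). The SYN with id 4660 keeps reappearing with TTL 64,63,...:
# a loop signature. The reply (id 9001) and the later data packet seen twice with
# an unchanged TTL (id 7001, e.g. a duplicate from capturing both sides of a bridge)
# are normal and must not be flagged. The ARP line shows a non-IP line being skipped.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP (tos 0x0, ttl 64, id 4660, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.10.45000 > 203.0.113.5.22: Flags [S], seq 100
12:00:01.000200 IP (tos 0x0, ttl 63, id 4660, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.10.45000 > 203.0.113.5.22: Flags [S], seq 100
12:00:01.000300 IP (tos 0x0, ttl 62, id 4660, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.10.45000 > 203.0.113.5.22: Flags [S], seq 100
12:00:01.000400 IP (tos 0x0, ttl 61, id 4660, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.10.45000 > 203.0.113.5.22: Flags [S], seq 100
12:00:01.000500 IP (tos 0x0, ttl 60, id 4660, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.10.45000 > 203.0.113.5.22: Flags [S], seq 100
12:00:01.100000 ARP, Request who-has 10.0.0.1 tell 10.0.0.10, length 28
12:00:11.000100 IP (tos 0x0, ttl 52, id 9001, offset 0, flags [DF], proto TCP (6), length 60) 203.0.113.5.22 > 10.0.0.10.45000: Flags [S.], seq 500, ack 101
12:00:11.000200 IP (tos 0x0, ttl 64, id 4661, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.10.45000 > 203.0.113.5.22: Flags [.], ack 501
12:00:12.000100 IP (tos 0x0, ttl 64, id 7001, offset 0, flags [DF], proto TCP (6), length 88) 10.0.0.10.45000 > 203.0.113.5.22: Flags [P.], seq 101:137, ack 501
12:00:12.000150 IP (tos 0x0, ttl 64, id 7001, offset 0, flags [DF], proto TCP (6), length 88) 10.0.0.10.45000 > 203.0.113.5.22: Flags [P.], seq 101:137, ack 501
"""

# Regex for the simplified single-line format used in SAMPLE_CAPTURE.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP \(tos \S+, ttl (?P<ttl>\d+), id (?P<id>\d+), .*?\) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def parse_capture(text):
    """Parse capture lines into dicts; lines that do not match (ARP etc.) are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        for field in ("ttl", "id", "sport", "dport"):
            d[field] = int(d[field])
        packets.append(d)
    return packets


def find_loops(packets, min_repeats=3):
    """Group packets by (src, sport, dst, dport, ip id), preserving capture order.

    A group seen at least min_repeats times whose TTL strictly decreases on every
    reappearance is reported as a forwarding loop. Plain duplicates (same TTL) and
    retransmissions (new IP id) do not match and are left alone.
    """
    groups = defaultdict(list)
    for p in packets:
        key = (p["src"], p["sport"], p["dst"], p["dport"], p["id"])
        groups[key].append(p["ttl"])
    loops = []
    for key, ttls in groups.items():
        if len(ttls) >= min_repeats and all(a > b for a, b in zip(ttls, ttls[1:])):
            loops.append({
                "flow": key,
                "times_seen": len(ttls),
                "ttl_first": ttls[0],
                "ttl_last": ttls[-1],
            })
    return loops


if __name__ == "__main__":
    for loop in find_loops(parse_capture(SAMPLE_CAPTURE)):
        src, sport, dst, dport, ip_id = loop["flow"]
        print(f"loop: {src}:{sport} -> {dst}:{dport} id={ip_id} "
              f"seen {loop['times_seen']}x, ttl {loop['ttl_first']} -> {loop['ttl_last']}")
```

Run against a real capture, the parser would need to be adapted to the multi-line layout tcpdump -v actually prints, but the grouping logic is the point: if a single IP id walks past the same capture point with a decrementing TTL, the packet is being forwarded back to where it came from, which on a NAT box with several addresses on one interface usually means a route or NAT rule is sending traffic out the interface it arrived on.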