I am using fwbuilder to generate my firewall rules and I am happy except
for one problem. Several of the servers behind the firewall are NAT-ed
to outside addresses, e.g. server.dbi.udel.edu has an outside address of
128.175.253.2 (which is not the address of the firewall) and an internal
address of 10.0.0.2. Everything works as I would expect except when
someone on that server tries to connect to the external IP address. If
I log into the server and run 'ssh 128.175.253.2' the connection times
out and I get the following error on the firewall (10.0.0.10):
RULE 14 -- DENY IN= OUT=eth1 SRC=10.0.0.10 DST=10.0.0.2 LEN=76 TOS=0x00
PREC=0xC0 TTL=64 ID=64332 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=10.0.0.2
[SRC=10.0.0.2 DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=30492
DF PROTO=TCP SPT=33012 DPT=25 WINDOW=49640 RES=0x00 SYN URGP=0 ]
I have tried setting the firewall rules to allow all traffic from the 10
net into the 10 net and allow all traffic from the firewall into the 10
net but this had no effect. I also tried
echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects
again with no effect. Any ideas how to get this to work?
Doug
--
Dr. Douglas O'Neal
Manager, Bioinformatics Center
Delaware Biotechnology Institute
(302) 831-3456
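Added example, not part of the original post: a small Python parser for the fwbuilder/iptables log line quoted in the message. It splits the outer ICMP header from the bracketed inner packet, decodes the ICMP type/code, and flags the hairpin-NAT symptom visible there (after DNAT the inner packet's SRC and DST are both 10.0.0.2, and the firewall's own redirect tells the host to use itself as gateway). Function names are my own; the log line is copied from the post as sample input.

```python
import re

# Sample input: the log line from the post, copied verbatim.
LOG_LINE = (
    "RULE 14 -- DENY IN= OUT=eth1 SRC=10.0.0.10 DST=10.0.0.2 LEN=76 TOS=0x00 "
    "PREC=0xC0 TTL=64 ID=64332 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=10.0.0.2 "
    "[SRC=10.0.0.2 DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=30492 "
    "DF PROTO=TCP SPT=33012 DPT=25 WINDOW=49640 RES=0x00 SYN URGP=0 ]"
)

FIELD_RE = re.compile(r"(\w+)=(\S*)")       # KEY=value tokens; flags like DF/SYN are skipped
ICMP_REDIRECT = "5"                          # ICMP type 5 = Redirect; code 1 = redirect for host


def parse_log_line(line):
    """Return rule number, action, outer KEY=value fields and, for ICMP
    errors, the inner (quoted) packet header in square brackets."""
    outer, _, rest = line.partition("[")
    inner = rest.rstrip(" ]") if rest else ""
    m = re.match(r"RULE (\d+) -- (\w+)", outer)
    rec = {"rule": int(m.group(1)), "action": m.group(2)} if m else {}
    rec["outer"] = dict(FIELD_RE.findall(outer))
    rec["inner"] = dict(FIELD_RE.findall(inner)) if inner else {}
    return rec


def diagnose(rec):
    """Explain a firewall-generated ICMP redirect and spot the hairpin-NAT
    symptom: DNAT changed the destination but the source was never SNATed,
    so the inner packet reads SRC == DST and the redirect points the host
    at itself as the gateway."""
    o, i = rec["outer"], rec["inner"]
    if o.get("PROTO") != "ICMP" or o.get("TYPE") != ICMP_REDIRECT:
        return "not an ICMP redirect"
    notes = []
    if o.get("IN") == "":
        notes.append("generated by the firewall itself (empty IN interface)")
    if o.get("GATEWAY") == o.get("DST"):
        notes.append("redirect names the receiving host as its own gateway")
    if i and i.get("SRC") == i.get("DST"):
        notes.append("inner SRC == DST: destination was DNATed but the source "
                     "was not SNATed, so replies bypass the firewall")
    return "; ".join(notes) or "redirect with no hairpin-NAT indicators"


if __name__ == "__main__":
    rec = parse_log_line(LOG_LINE)
    print(f"rule {rec['rule']} {rec['action']}: {diagnose(rec)}")
```

The parser only names the symptom; the usual remedy for this traffic shape is an additional SNAT rule on the internal interface (rewriting the source of internal-to-external-address connections to the firewall's internal address) so the server's replies return through the firewall instead of going directly back to itself.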