teastep at shorewall.net
Thu Feb 19 13:31:17 PST 2004
On Thursday 19 February 2004 01:27 pm, Garrett Johnson wrote:
> We've got our proxy/gateway/shorewall server up and running. However our
> loc zone on Interface eth1 has several subnets that it routes for. One of
> the subnets can't connect to several services (email, ping, etc.) whereas
> other subnets set up like the one that doesn't work can do everything.
> The subnet that doesn't work can ping eth1's local IP address but can't
> ping anything in the outside world, but can get to the proxy server.
> Other subnets can ping the one that doesn't work just fine.
> Our setup is like the Triple-Interface setup but instead of going to a DMZ
> we have one local zone with two interface cards set to it. Only one card
> eth1 has other subnets attached. The other card eth0 is attached to a
> small gigabit network. I can't tell if the problem is with the firewall
> although we didn't have problems with this until the firewall was
> The only log entry I've seen that gives any message is one with a packet
> from the subnet that doesn't work that says it was UNREPLIED. We have
> several (2-3) subnets due to distance limitations of Ethernet. One of
> these uses ARCNET and routes packets through two WINNT SP3 machines acting
> as routers; they run TCP/IP. All is going well except for this one subnet.
> I'm just looking for a place to start looking into what is wrong. This is
> very similar to the problem we had with the server the first time we tried
> running it and were unable to get out at all. Now everyone except this
> subnet is good.
A little detailed information is better than a lot of prose in cases like
yours. Please forward the information requested in the Shorewall Support
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net