[Shorewall-users] Two gateways problem

Val Vechnyak vechnyak@hotmail.com
Thu, 11 Jul 2002 18:10:51 +0000


Hi,

I thought for a while about the subject of this email and could not define 
my problem better than a gateways problem.

I have two lines (completely different networks) coming in with two 
shorewalls 1.3.2 on RH7.3 2.4.18 kernel.  On eth1 they both go into one 
(internal) switch.  My w2k server is also plugged into the same switch.

Line 1 I will call fw1 and line 2 I will call fw2.

That box has a gateway which points to fw2 eth1.

I need to slowly migrate this server from fw2 (line 2) to fw1 (line 1).  For 
that I need to be able to access the w2k server from both lines (at least 
for a while).

This setup does not really work.  Not for everyone :) Someone helped me by 
accessing the server from outside on both IP addresses and it worked for 
him, but I cannot get it to work from another location, so I consider that it 
does not work.

In theory this should work as long as the packet knows how to get out of the 
system. And it does since it has a gateway.  Granted, not the gateway on the 
network that it came in on but still a gateway.

Has it anything to do with SNAT?  I gave that a thought after reading Rusty's 
guide and shorewall docs.

on fw1 tcpdump -i eth1

shows requests going in but not out:
17:10:24.475062 dsl-64-130-80-173.telocity.com.35090 > 
192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss 
1460,sackOK,timestamp 426193541 0,nop,wscale 0> (DF)
17:10:27.469541 dsl-64-130-80-173.telocity.com.35090 > 
192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss 
1460,sackOK,timestamp 426193841 0,nop,wscale 0> (DF)
17:10:33.471958 dsl-64-130-80-173.telocity.com.35090 > 
192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss 
1460,sackOK,timestamp 426194441 0,nop,wscale 0> (DF)


on fw02 tcpdump -i eth1 shows it going both ways and all is fine.

I am not sure if w2k is confused or fw1 or fw2 or me :), but I would 
appreciate any hint.

VV
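
The symptom reported above (SYNs seen on an interface with nothing coming back) can be checked mechanically over saved tcpdump text. This is an added example, not part of the original post: the function name, the 203.0.113.7 client address and both sample captures are constructed, written in the same old-style tcpdump format as the output quoted in the message.

```python
import re
from collections import defaultdict

# Old-style tcpdump text, one packet per line:
#   HH:MM:SS.us src.port > dst.port: FLAGS [seq:seq(len)] [ack N] win ...
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPRWE.]+) (?:\d+:\d+\(\d+\) )?(?P<ack>ack \d+)?"
)

def unanswered_syns(lines):
    """Return {(src, dst): syn_count} for flows whose initial SYNs were
    captured but for which no packet at all was seen in the reverse direction."""
    syns = defaultdict(int)
    seen = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a TCP line in this format
        flow = (m["src"], m["dst"])
        seen.add(flow)
        # Initial SYN: S flag set and no ack field (a SYN-ACK carries "ack N").
        if "S" in m["flags"] and not m["ack"]:
            syns[flow] += 1
    return {f: n for f, n in syns.items() if (f[1], f[0]) not in seen}

# Constructed capture: the same SYN retransmitted three times, no reply seen.
ONE_WAY = [
    "17:10:24.475062 203.0.113.7.35090 > 192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss 1460> (DF)",
    "17:10:27.469541 203.0.113.7.35090 > 192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss 1460> (DF)",
    "17:10:33.471958 203.0.113.7.35090 > 192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss 1460> (DF)",
]

# Constructed capture: a handshake visible in both directions.
TWO_WAY = [
    "17:12:01.100000 203.0.113.7.35101 > 192.168.1.27.webcache: S 1000:1000(0) win 5840 <mss 1460> (DF)",
    "17:12:01.100400 192.168.1.27.webcache > 203.0.113.7.35101: S 2000:2000(0) ack 1001 win 17520 <mss 1460> (DF)",
    "17:12:01.130000 203.0.113.7.35101 > 192.168.1.27.webcache: . ack 1 win 5840 (DF)",
]

if __name__ == "__main__":
    for name, cap in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        print(name, unanswered_syns(cap))
```

Running it on captures taken at the same time on each firewall's eth1 shows on which interface, if any, the replies are visible.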