AW: [suse-security] Firewall Routing/Forwarding Problem
Hi,

should not the default gateway of your webserver be 62.245.134.144 instead of 62.245.134.146?

karl
-----Original Message-----
From: Robert Szentmihalyi [mailto:robert.szentmihalyi@entracom.de]
Sent: Wednesday, 5 June 2002 14:50
To: suse-security@suse.com
Subject: [suse-security] Firewall Routing/Forwarding Problem
Hi,
I have a strange problem which I have been debugging unsuccessfully for two days now. Perhaps one of you can help.
We have a web server (SuSE Linux 7.3) behind a firewall (SuSE Linux 7.1) with iptables filtering rules.
The firewall's NICs are configured as follows:
eth0 62.245.134.130 netmask 255.255.255.240 connected directly to the web server via a cross-over cable
eth1 62.245.134.146 netmask 255.255.255.240 connected to the internet
route -n tells
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
62.245.134.128  0.0.0.0         255.255.255.240 U     0      0   0   eth1
62.245.134.144  0.0.0.0         255.255.255.240 U     0      0   0   eth0
0.0.0.0         62.245.134.129  0.0.0.0         UG    0      0   0   eth1
62.245.134.129 is the gateway IP address assigned to us by the ISP.
The web server's NIC is configured as
eth0 62.245.134.145 netmask 255.255.255.240

and the routing table looks like this:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
62.245.134.144  0.0.0.0         255.255.255.240 U     0      0   0   eth0
62.245.134.144  0.0.0.0         255.255.255.240 U     0      0   0   eth0
0.0.0.0         62.245.134.146  0.0.0.0         UG    0      0   0   eth0
The problem is that the web server is not reachable from the other side of the firewall although IP forwarding is activated on the firewall.
I don't think the problem is related to the filtering rules, but I can post the script if necessary.
Am I missing something? Do I have to configure the firewall as an ethernet bridge for this to work?
Any hint is appreciated.
Thanks,
Robert
-- Where do you want to be tomorrow?
Entracom. Building Linux systems. http://www.entracom.de
Hi,
> The firewall's NICs are configured as follows: eth0 62.245.134.130 netmask 255.255.255.240 connected directly to the web server via a cross-over cable
> should not the default gateway of your webserver be 62.245.134.144 instead of 62.245.134.146?

As the NIC to which the web server is connected has 62.245.134.130, I'd rather say that the web server's default gateway ought to be 62.245.134.130. Try to ping 62.245.134.146 and 62.245.134.144 and see if you can reach them.

Cheers
Thiemo
On Thursday, 6. June 2002 07:55, Thiemo Kellner wrote:
> Hi,
> > The firewall's NICs are configured as follows: eth0 62.245.134.130 netmask 255.255.255.240 connected directly to the web server via a cross-over cable
> > should not the default gateway of your webserver be 62.245.134.144 instead of 62.245.134.146?
> As the NIC to which the web server is connected has 62.245.134.130, I'd rather say that the web server's default gateway ought to be 62.245.134.130. Try to ping 62.245.134.146 and 62.245.134.144 and see if you can reach them.
Sorry, I mixed that up yesterday. The firewall's interfaces are actually configured like this:
eth0 62.245.134.146 netmask 255.255.255.240
eth1 62.245.134.130 netmask 255.255.255.240
and the web server is connected to eth0, i.e. 62.245.134.146.
I guess I have been working on this for too long...

I have tried to set the gateway of the web server to 62.245.134.144, but when routing is set up at boot time, I get a "network unreachable" error, although I can ping 62.245.134.144. Any ideas?
Also, I don't understand WHY the gateway should be 62.245.134.144. Could somebody please shed some light on that?
> Cheers
> Thiemo
Thanks for your help,
Robert
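
An added example, not part of the thread: a check of the gateway candidates discussed above against the web server's interface (62.245.134.145, netmask 255.255.255.240), using Python's standard `ipaddress` module. The function names `check_gateway` and `host_range` are hypothetical.

```python
import ipaddress

def host_range(addr, netmask):
    """First and last usable host address of the interface's subnet."""
    net = ipaddress.ip_interface(f"{addr}/{netmask}").network
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def check_gateway(addr, netmask, gateway):
    """Return a list of reasons why `gateway` cannot serve as the next hop
    for an interface configured as addr/netmask (empty list = usable)."""
    iface = ipaddress.ip_interface(f"{addr}/{netmask}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        # A next hop must be reachable on the directly connected subnet.
        problems.append(f"{gw} is outside the connected subnet {net}")
    elif gw == net.network_address:
        problems.append(f"{gw} is the network address of {net}")
    elif gw == net.broadcast_address:
        problems.append(f"{gw} is the broadcast address of {net}")
    elif gw == iface.ip:
        problems.append(f"{gw} is the interface's own address")
    return problems

if __name__ == "__main__":
    # Values taken from the thread: web server eth0 and the three
    # gateway addresses that were proposed.
    server, mask = "62.245.134.145", "255.255.255.240"
    print("usable hosts:", host_range(server, mask))
    for candidate in ("62.245.134.144", "62.245.134.146", "62.245.134.130"):
        issues = check_gateway(server, mask, candidate)
        print(candidate, "->", issues or "usable as next hop")
```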