Mailinglist Archive: opensuse-bugs (4243 mails)

[Bug 1017936] No DMZ routing with Yast2 configured FW & Wicked
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 04 Jan 2017 17:04:20 +0000
  • Message-id: <bug-1017936-21960-hf9TpDUHaG@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1017936
http://bugzilla.opensuse.org/show_bug.cgi?id=1017936#c8

Lee Lammert <lvl@xxxxxxxxxxx> changed:

What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(lvl@xxxxxxxxxxx) |

--- Comment #8 from Lee Lammert <lvl@xxxxxxxxxxx> ---
(In reply to Michal Filka from comment #4)
> (In reply to Lee Lammert from comment #0)
> > The routes seem correct:
> >
> > Destination      Gateway          Genmask          Flags  Metric  Ref  Use  Iface
> > default          24-107-128-1.dh  0.0.0.0          UG     0       0    0    eth0
> > 10.0.0.0         *                255.255.255.0    U      0       0    0    p132p1
> > 24-107-128-0.dh  *                255.255.252.0    U      0       0    0    eth0
> > 206.197.251.0    *                255.255.255.0    U      0       0    0    p128p1
> >
> > However the Yast2 generated ruleset does not work, nor does it save the
> > static route for DMZ traffic [shown correctly in Yast2 UI]:
>
> I'm a bit lost here. Which route is missing? Could you send a screenshot of
> UI if it is shown correctly there?

As am I! The route is present, yet no traffic from the private network
(10.0.0.0) is routed to the DMZ.

For example, trying to connect from <Private> to a host in the DMZ shows the
route breaking:

$ traceroute <DMZ host>
traceroute to mail (<DMZ host>), 30 hops max, 60 byte packets
1 marvel (10.0.0.254) 0.284 ms 0.253 ms 0.232 ms
2 marvel (10.0.0.254) 0.215 ms 0.187 ms 0.172 ms

I have to manually disable p128p1 to get traffic from Private to DMZ via the
public IF. Don't know the actual reason, e.g. is Masquerading failing for some
reason?

The weird part is that when I built the machine with two USB NICs, it worked
fine. Replacing them with GB PCIE NICs created the routing problem.
