Hi,
I thought for a while about the subject of this email and could not define
my problem better than a gateways problem.
I have two lines (completely different networks) coming in with two
shorewalls 1.3.2 on RH7.3 2.4.18 kernel. On eth1 they both go into one
(internal) switch. My w2k server is also plugged in to the same switch.
Line 1 I will call fw1 and line 2 I will call fw2.
That box has a gateway which points to fw2 eth1.
I need to slowly migrate this server from fw2 (line 2) to fw1 (line 1). For
that I need to be able to access the w2k server from both lines (at least
for a while).
This setup does not really work. Not for everyone :) Someone helped me by
accessing the server from outside on both IP addresses and it worked for
him, but I cannot get it to work from another location so I consider that it
does not work.
In theory this should work as long as the packet knows how to get out of the
system. And it does since it has a gateway. Granted, not the gateway on the
network that it came in on but still a gateway.
Has it anything to do with SNAT? I gave that a thought after reading
Rusty's guide and shorewall docs.
On fw1, tcpdump -i eth1
shows requests going in but not out:
17:10:24.475062 dsl-64-130-80-173.telocity.com.35090 >
192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss
1460,sackOK,timestamp 426193541 0,nop,wscale 0> (DF)
17:10:27.469541 dsl-64-130-80-173.telocity.com.35090 >
192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss
1460,sackOK,timestamp 426193841 0,nop,wscale 0> (DF)
17:10:33.471958 dsl-64-130-80-173.telocity.com.35090 >
192.168.1.27.webcache: SWE 3721339575:3721339575(0) win 5840 <mss
1460,sackOK,timestamp 426194441 0,nop,wscale 0> (DF)
On fw02, tcpdump -i eth1 shows it going both ways and all is fine.
I am not sure if w2k is confused or fw1 or fw2 or me :), but I would
appreciate any hint.
VV
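
The check done by eye on the fw1 capture above (the same SYN repeated, nothing seen in the return direction) can be scripted; this is an added example, not part of the original message. It assumes the old tcpdump text format quoted above, possibly wrapped by a mail client; the function names and the sample hosts are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (hosts, ports and sequence numbers are placeholders).
# The first record is wrapped the way the mail client wrapped the capture.
SAMPLE = """\
17:10:24.475062 client.example.35090 >
192.168.1.27.webcache: SWE 100:100(0) win 5840 <mss
1460,sackOK> (DF)
17:10:27.469541 client.example.35090 > 192.168.1.27.webcache: SWE 100:100(0) win 5840 (DF)
17:10:33.471958 client.example.35090 > 192.168.1.27.webcache: SWE 100:100(0) win 5840 (DF)
17:11:00.000100 other.example.40000 > 192.168.1.27.webcache: S 7:7(0) win 5840 (DF)
17:11:00.000900 192.168.1.27.webcache > other.example.40000: S 9:9(0) ack 8 win 17520 (DF)
"""

TIMESTAMP = re.compile(r"\d\d:\d\d:\d\d\.\d+ ")
# timestamp, "src > dst:", flags, optional "seq:seq(len)"
PACKET = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (\S+) > (\S+): (\S+)(?: (\d+):\d+\(\d+\))?")

def unwrap(text):
    """Rejoin records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def unanswered_syns(text, min_repeats=2):
    """Return {(src, dst): count} for initial SYNs repeated with the same
    sequence number while no packet is seen in the dst -> src direction."""
    syns = defaultdict(int)
    directions = set()
    for rec in unwrap(text):
        m = PACKET.match(rec)
        if not m:
            continue
        src, dst, flags, seq = m.groups()
        directions.add((src, dst))
        # "S" without "ack" is the client's initial SYN (SWE = SYN + ECN bits)
        if "S" in flags and " ack " not in rec and seq is not None:
            syns[(src, dst, seq)] += 1
    return {(s, d): n for (s, d, _), n in syns.items()
            if n >= min_repeats and (d, s) not in directions}

if __name__ == "__main__":
    for (src, dst), n in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}: SYN seen {n} times, no reply on this interface")
```

Running it over captures taken on each firewall's eth1 shows on which interface the replies actually leave.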