Hi Steve....that's the problem, maybe the NAT rules are not right, (i've tried with others without result) but i think the key is in the stateful inspection.......or maybe all the idea is not well configured.... Greetings
Jose M >> Hi all : >> >> We've a firewall with 4 interfaces (2 outside to two differents >> routers and >> ISP,1 inside and 1 DMZ),the machine is running a Squid web proxy too, >> we wanna make balancing on outgoing connections only for the web >> traffic, we have get to do that, and now the packets are going out on >> ext_if and ext_if2 but they're all coming back in ext_if, then wich >> are arising from traffic on >> ext_if2 are rejected, maybe a NAT problem or is related to stateful >> tables.....any idea? >Do outbound packets have the "correct" source address? Packets originating from the firewall are probably using whatever IP address Squid is bound to or >whatever IP address is associated with the default gw. Sorry, I don't have a solution and I'd like to here if anyone has something simple in this case. >-Steve S.
