Re: [Efw-user] EFW related -maybe routing problem

[Marc Fellman]

Hi Joseph,

Something I remember from the time I used MNF is that MNF worked with zones and you needed to tell MNF which IP-ranges where in which ZONE. I'm not sure if you are able to set something like that in EFW2. But what happens if you change the outgoing firewall rules from origin GREEN top origin ALL?

Marc

----- Bericht van [EMAIL PROTECTED] ---------
    Datum: Fri, 11 Aug 2006 04:20:36 -0700 (PDT)
      Van: Josephw <[EMAIL PROTECTED]>
Antwoorden aan:efw-user@lists.sourceforge.net
Onderwerp: Re: [Efw-user] EFW related -maybe routing problem
      Aan: efw-user@lists.sourceforge.net


>
> Dear Marc
>  I uploaded the image of network diagarm, but it seems gone.
> Here is the network diagram.
>               Internet
>                    |
>            213.243.168.89/28(eth1)
>                  EFW
>            192.168.90.3/24(eth0)
>                    |
>             192.168.90.254/24
>                   Router
>             192.168.180.254/24
>                     |
> Here is the packet information gethered by tcpdump.
> 17:21:37.161945 IP 192.168.180.254 > 210.17.1.1: icmp 80: echo request seq
> 1993
> 17:21:39.158655 IP 192.168.180.254 > 210.17.1.1: icmp 80: echo request seq
> 1993
> 17:21:41.159247 IP 192.168.180.254 > 210.17.1.1: icmp 80: echo request seq
> 1993
> 17:21:43.158951 IP 192.168.180.254 > 210.17.1.1: icmp 80: echo request seq
> 1993
>
> Thanks alot
>
>
> Marc Fellman-2 wrote:
>>
>>
>>
>>    Hi Joseph,
>>
>>    I think you need some editing of the text (missing any layout).
>> It's now unreadeble (no line-break's} and it's hard to say but no zone
>> information as well?
>>
>>    What are the interfaces (and to which zone do they belong)?
>>
>>    Somewhere there should be a diagram of what is allowed from which
>> zone to any other zone (I found this somewhere IPcop related but my
>> guess is this is also true for EFW). Maybe this could help you.
>>
>>    HTH.
>>
>>    Marc
>>
>>    ----- Bericht van [EMAIL PROTECTED] ---------
>>      Datum: Thu, 10 Aug 2006 23:27:01 -0700 (PDT)
>>        Van: Josephw <[EMAIL PROTECTED]>
>> Antwoorden aan:efw-user@lists.sourceforge.net
>> Onderwerp: [Efw-user] EFW related -maybe routing problem
>>        Aan: efw-user@lists.sourceforge.net
>>
>>>
>>> Hi All:
>>>   it's my network diagram . I use EFW with proxy disable and trun off
>>> "Outgoing Firewall" which means allowing all of traffic from Green to
>>> RED.
>>>   PCs in subnet 192.168.90.0/24 can access the internet smoothly. But PCs
>>> in
>>> subnet 192.168.180.0/24 CAN NOT access the internet.
>>>   EFW's routing table:
>>>      Destination             Gateway                Genmask
>>>        Flags         Metric         Ref
>>> Use Iface
>>>      210.243.168.x    0.0.0.0                 255.255.255.240
>>>  U            0       0
>>> 0 eth1
>>>      192.168.90.0      0.0.0.0                 255.255.255.0
>>>   U             0             0
>>> 0 br0
>>>      192.168.180.0   192.168.90.254           255.255.0.0
>>>       UG          0              0
>>> 0 br0
>>>       0.0.0.0             210.243.168.x            0.0.0.0
>>>             UG           0
>>> 0        0 eth1
>>>
>>>   ip_forwarding enable in EFW
>>>
>>>   1. I tried to traceroute an internet IP 210.17.1.x from PC in subnet
>>> 192.168.180.0/24. The Path is below:
>>>       192.168.180.254
>>>       192.168.90.3
>>>               *
>>>   2. I can also ping 192.168.180.x from EFW
>>>
>>>   Could anyone tell me how to deal with this ?
>>>
>>>  Thanks
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/EFW-related--maybe-routing-problem-tf2088942.html#a5757424[1]
>>> Sent from the efw-user forum at Nabble.com.
>>>
>>
>> ----- Einde bericht van [EMAIL PROTECTED] -----
>>
>>
>>
>> Links:
>> ------
>> [1]
>> http://www.nabble.com/EFW-related--maybe-routing-problem-tf2088942.html#a5757424
>>
>>
>> -------------------------------------------------------------------------
>> Using Tomcat but need to do more? Need to support web services, security?
>> Get stuff done quickly with pre-integrated technology to make your job
>> easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Efw-user mailing list
>> Efw-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>>
>
> --
> View this message in context: 
> http://www.nabble.com/EFW-related--maybe-routing-problem-tf2088942.html#a5760609
> Sent from the efw-user forum at Nabble.com.
>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Efw-user mailing list
> Efw-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/efw-user
>


----- Einde bericht van [EMAIL PROTECTED] -----

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user