At 07:56 AM 06/08/01, brian wrote:
>I have a bizarre problem that I hope someone may be able to give me a clue in
>the right direction to solve.
>
>Setup:
>
>Work:
> I have 3 Linux-MDK8.0 PC's on my desk at work. All connected to same
>switch. A,B,C all have public static IP's can all ping each other and ssh
>into each other.
How do these 3 PC's connect to the Internet? What is the subnet?
>Home:
> I have a 4th MDK8.0 computer, "D", at home with a public static IP over an
>ADSL connection.
>
>Symptom:
>
>A,B,C can all ping and ssh into D.
>When I go home, D can not ping A,B,or C.

That would be a proper firewall behavior.
I'm starting to think that your connection looks like this:

LAN<--->Switch<--->Gateway/Firewall<|--->Internet

>Bizarre:
>If I leave a ping running from home for about 1.5 hours, A,B,C start
>responding to my pings. If I close all ssh sessions and stop pinging for
>approx 1 hour, and then try to ping from D again, the pings fail.
>If I get one of A,B,C to respond from D, I can ssh into it from D, then ssh
>to another computer of A,B,C, and then it will start responding to pings as
>well.

Eventually all DoS attacks get through. You succeeded in compromising your
own firewall. You should discuss this with your Network Administrator.

>Details:
<snip>
>Help! I have to get these working. B,C will be web/email servers that won't
>be much good if I can't ping them from outside my office.

Either get more IP addresses from your ISP for the mail and Web servers,
use a small hub between the servers and the ISP's router/modem/whatever, or
you can put a third NIC in your firewall and, using ipchains rules, forward
packets, by port number, to the proper server(s).

Network could look like this:

LAN<--->Switch<--->Firewall/Gateway<|--->Internet
                           |
             Mail Srv<--->DMZ<--->Web Srv
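
The third-NIC option from the reply above, sketched as an added example that is not part of the original message. It assumes a 2.2-series kernel with ipchains and the ipmasqadm portfw module; every address, interface name and port below is a constructed placeholder. It covers only the Internet-facing rules and prints the commands for review instead of running them.

```shell
#!/bin/sh
# Added example: emit ipchains/ipmasqadm commands for a three-NIC firewall
# that forwards selected ports to DMZ servers. Nothing is executed here.
# All values are constructed placeholders (RFC 5737 / RFC 1918 ranges).
EXT_IF=eth0                # NIC facing the Internet
EXT_IP=203.0.113.10        # firewall's public address
LAN_NET=192.168.1.0/24     # office LAN behind the switch
DMZ_NET=192.168.2.0/24     # segment on the third NIC
MAIL_SRV=192.168.2.2
WEB_SRV=192.168.2.3
# port:server pairs; only these ports are reachable from outside
FORWARDS="25:$MAIL_SRV 80:$WEB_SRV 443:$WEB_SRV"

dmz_rules() {
    # Nothing crosses the firewall unless a rule below allows it.
    # (LAN<->DMZ forward rules are out of scope for this sketch.)
    echo "ipchains -P forward DENY"
    # In the forward chain, -i names the outgoing interface.
    echo "ipchains -A forward -s $LAN_NET -i $EXT_IF -j MASQ"
    # Replies from the DMZ servers leave through the same masquerading.
    echo "ipchains -A forward -s $DMZ_NET -i $EXT_IF -j MASQ"
    # Start from an empty port-forward table.
    echo "ipmasqadm portfw -f"
    for f in $FORWARDS; do
        port=${f%%:*}
        srv=${f#*:}
        # Accept the service port on the public address...
        echo "ipchains -A input -i $EXT_IF -p tcp -d $EXT_IP $port -j ACCEPT"
        # ...and hand it to the matching DMZ server on the same port.
        echo "ipmasqadm portfw -a -P tcp -L $EXT_IP $port -R $srv $port"
    done
    # Any other inbound TCP connection attempt (SYN) is dropped and logged.
    echo "ipchains -A input -i $EXT_IF -p tcp -y -j DENY -l"
}

dmz_rules
```

Review the printed rules, then pipe them to a root shell on the firewall to apply them.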