Hi!
First, thanks for previous help with ipchains commands.

Now it seems that this "hole" (from a machine in DMZ using port 4040 to a "private" server) is the only thing working.

I have used ipchains -C to verify that all is set up correctly and ipchains reports accepted, masqueraded, passed the chain, denied and rejected according to how my firewall was set up.
Can I rely on using ipchains -C? That is, is my system set up properly and is the problem somewhere else? Can I be 100% sure that my ipchains rules are ok?

What happens is:

1. All machines in DMZ subnet can ping and communicate with each other as expected.
    All machines on private subnet can ping each other.
2. ONE (particular) machine on the private (other subnet) net can ping ONE machine in the DMZ but no rules or routes are set up for this. Why just ONE particular machine? I have looked but cannot find that this machine is set up differently. No special ipchains rules, routing, or permissions.
3. My DMZ webservers can communicate with private server (on special port) according to my ipchains rules.

Strange?!

Is this:
1. A routing problem at the fw (I route between the if:s). If it works for one - why not all on subnet (same ipchains rules)?
2. A routing problem at each server (there are no routes to hosts at the servers)
3. Do I really need routing at fw with forwarding enabled?
4. An ipchains rule problem. For example wrong definition of subnet, mask etc.
    I have 212.212.135.32 to 212.212.135.46. Subnet mask 255.255.255.240 and a subnet described with ipchains as 212.212.135.32/28 - right?

I realise that this could be a routing or more generic os problem - but it feels like a fw problem at this point.
Sorry to bother you if it is not.

Clues anyone?
Thanks
Regards
//olas
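
Added example, not part of the original post: a Python cross-check of the figures in item 4 (address range, dotted mask and the CIDR given to ipchains), using only the standard `ipaddress` module. The helper name `check_rule_subnet` is hypothetical, and the check assumes IPv4 with a prefix of /30 or shorter.

```python
import ipaddress

def check_rule_subnet(cidr, dotted_mask, first_host, last_host):
    """Cross-check the CIDR used in a rule against the mask and host range.

    Hypothetical helper (not an ipchains feature). Assumes IPv4 and a prefix
    of /30 or shorter, so network and broadcast addresses are reserved.
    """
    # strict=True raises ValueError when host bits are set (e.g. .33/28),
    # which means the rule does not name the start of a block.
    net = ipaddress.ip_network(cidr, strict=True)
    # Parsing the dotted mask also rejects non-contiguous masks.
    by_mask = ipaddress.ip_network(f"{net.network_address}/{dotted_mask}", strict=False)

    findings = []
    if by_mask.prefixlen != net.prefixlen:
        findings.append(f"mask {dotted_mask} is /{by_mask.prefixlen}, rule uses /{net.prefixlen}")
    for label, text in (("first", first_host), ("last", last_host)):
        addr = ipaddress.ip_address(text)
        if addr not in net:
            findings.append(f"{label} address {addr} is outside {net}")
        elif addr == net.network_address:
            findings.append(f"{label} address {addr} is the network address, not a host")
        elif addr == net.broadcast_address:
            findings.append(f"{label} address {addr} is the broadcast address, not a host")
    return {
        "prefixlen": net.prefixlen,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable": (str(net.network_address + 1), str(net.broadcast_address - 1)),
        "findings": findings,
    }

if __name__ == "__main__":
    # Values taken from item 4 of the post.
    report = check_rule_subnet("212.212.135.32/28", "255.255.255.240",
                               "212.212.135.32", "212.212.135.46")
    for key, value in report.items():
        print(f"{key}: {value}")
```
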
