First, thanks to everyone for the help and insights into my little problem.
After some checking I believe the Firewall is, in fact, answering the pings
for the web server. This didn't occur to me at first but seems to be the
case.
As to why I need to make this work at all since the second firewall is
functional: I have about 35 people at remote sites that connect to the web
server by IP rather than name (no DNS entry pointing to the web server).
Given that these people are not very computer savvy it is going to take a
personal visit from one of my tech support guys to get them switched to the
new IPs. For the 2-3 days this will take I am hoping to make both IPs
work. It may not be the most elegant solution but I think I am going to end
up with two web servers during this switch over. I looked into the Illegal
NAT and my firewall doesn't support it. I don't have a spare router to put
inside the firewalls so I can't do that. Unless I can find one to borrow. Or
set up a Linux box as a router with 3 Ethernet cards. Which now that I think
about it may be the best solution.
ISP1---Router----FW1----|
                        |-----Linux----My network---webserver
ISP2---Router----FW2----|
That way each firewall does its own NAT and the webserver will have the
Linux box as a single default gateway.
What do you guys think?
David Loysen
Sr. Network Engineer
The Corky McMillin Companies
-----Original Message-----
From: mouss [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2000 6:21 AM
To: David Loysen; '[EMAIL PROTECTED]'
Subject: Re: Dual firewall question
I don't see how you can ping it using the second firewall!
You have an "impossible" situation. When the web server responds to the
client, it has one default route pointing to the first FW, so the response
goes through this one. If your client is connected to both firewalls, then
it gets the response. Otherwise, it won't. Even when it gets the response,
the route traversed by requests is different from that used by responses.
The only way to get around this while keeping both "routes" is to use an
application level proxy on the second firewall so that requests arriving at
the web server through the second FW have the IP addr of this firewall.
Otherwise, you'll need to set up 2 web servers :)
But if your 2nd FW works correctly, why all the headaches? Just change the
default routes and forget about the first FW....
At 17:44 18/10/00 -0700, David Loysen wrote:
>I am having a problem that I can't quite figure out.
>
>Here's the setup.
>
>I am in the process of moving from one ISP to another. I use NAT and have a
>web server on my private network that is accessible through the firewall by
>using one to one NAT.
>
>So what I've done so far is bring in a second T-1 and firewall with the
>intention of using both while I make changes to various client machines that
>access my internal web server. Right now the web server has its default
>gateway set to the first firewall.
>
>Now the real problem.
>
>My internal web server now has two valid external IP addresses. Both of
>which I can ping. But I can only get the web page off of one of the IPs at
>a time. The difference seems to be how the default gateway is set on the web
>server.
>
>Is there a way to make the web server respond to both IPs?
>
>Thanks for any help or ideas 'cause I'm fresh out of both
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
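
The return-path problem discussed in this thread, as an added example that is not part of the original messages: a small Python model of two stateful firewalls doing one-to-one NAT for a single web server. The addresses, the `topology` and `fetch` helpers, and the `flow_aware_router` option (a router that sends each reply back through the firewall its request arrived on) are assumptions made for the illustration.

```python
# Constructed model, not from the thread: all addresses and names are assumptions.
from dataclasses import dataclass, field

@dataclass
class Firewall:
    public_ip: str            # external address mapped one-to-one to the web server
    inside_ip: str            # firewall's address on the private network
    proxy: bool = False       # application-level proxy: server sees inside_ip as client
    flows: set = field(default_factory=set)

    def inbound(self, client, sport):
        """Record the flow; return the source address the web server will see."""
        self.flows.add((client, sport))
        return self.inside_ip if self.proxy else client

    def outbound(self, client, sport):
        """Source IP the client sees on the reply, or None if this firewall
        never saw the request (no state entry) and drops the reply."""
        return self.public_ip if (client, sport) in self.flows else None

def topology(fw2_proxy=False):
    return {"FW1": Firewall("198.51.100.10", "10.0.0.1"),
            "FW2": Firewall("203.0.113.10", "10.0.0.2", proxy=fw2_proxy)}

def fetch(via, default_gw, fws, flow_aware_router=False,
          client="192.0.2.7", sport=40000):
    """True if the reply reaches the client from the address it connected to."""
    entry = fws[via]
    seen_src = entry.inbound(client, sport)
    by_inside = {fw.inside_ip: fw for fw in fws.values()}
    if seen_src in by_inside:
        exit_fw = by_inside[seen_src]   # reply goes to a local address, no default route used
    elif flow_aware_router:
        exit_fw = entry                 # assumed router returns the reply the way it came
    else:
        exit_fw = fws[default_gw]       # server's single default gateway decides
    return exit_fw.outbound(client, sport) == entry.public_ip

if __name__ == "__main__":
    for gw in ("FW1", "FW2"):
        for via in ("FW1", "FW2"):
            print(f"default gw {gw}, request via {via}:", fetch(via, gw, topology()))
    print("FW2 as proxy, gw FW1:", fetch("FW2", "FW1", topology(fw2_proxy=True)))
    print("flow-aware router:", fetch("FW2", "FW1", topology(), flow_aware_router=True))
```
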