[with most humble apologies to Dr. Seuss for the subject line...]

On Cyberguard's unix platform, I've got three interfaces. One is the
external, one is the internal and one is the dmz.

Traffic will route from int to ext, ext to int, int to dmz, dmz to int, dmz
to ext but NOT ext to dmz. 

HOWEVER, if the traffic comes back from ext to dmz via an established
connection, the dmz-based server responds.

I have gone over my traffic rules with a lint brush, a pair of tweezers and my
boss. I've changed the dmz interface from ext to int and back. I've even
temporarily enabled some wide-open rules and not been able to get unique
traffic to route from ext to dmz. When I sniff the packets on the ext side,
I see the traffic to the ext interface but nothing ever reaches into the
dmz.

Cyberguard just shook their head and said rebuild it. Unfortunately, that's
not a feasible option right now.

Has anyone seen something like this before? Any hints on where to look for a
problem?

Thanks,

Vic
----------------------------------------------------
Victor Hill - Network Analyst - DCA Services
                MCSE -- MCP+I -- CCNA
   405-951-9339 work  405-820-9586 cell
