Hi,

I have a problem with NAT - it appears to be dropping packets and even leaking our internal address range out to the internet. See example traceroutes to an internal address from an external source:

traceroute to 203.48.15.97
....
18 139.130.115.165 134 ms 143 ms 120 ms (ext address of router)
19 203.48.15.100 122 ms 238 ms 258 ms (ext address of firewall)
20 203.48.15.97 146 ms 192.168.1.17 224 ms (int address of test server) 203.48.15.97 124 ms (ext address of test server)

traceroute to 203.48.15.101
....
18 139.130.115.165 122 ms 124 ms 155 ms (ext address of router)
19 203.48.15.100 133 ms 274 ms 300 ms (ext address of firewall)
20 203.48.15.101 137 ms * * (ext address of 2nd test server)

There is no noticeable difference between the two servers, yet one leaks its internal address (always on the second packet) while the other only responds to the first packet (always). The logs show nothing unusual.

We have a Sun E220R Server running Solaris 7 with the latest patches installed. We are running CP 2000 VPN-1 (Build 41489) and the server is not under heavy load. The setup is outlined below:

        Router
          |
   (203.48.15.96/27)
          |
       Firewall ------------ DMZ (192.168.2.0/24)
          |
   (192.168.1.0/24)
          |
     Internal Net

I have set up NAT using automatically created rules (as well as manually adding arp and route entries) and it seems to be working reasonably (i.e. I can still telnet to these addresses successfully). I have searched Phoneboy etc. without any success - any help would be appreciated.

Marc
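
Added example (not part of the original message): a Python check that parses the traceroute output quoted above and reports, per probe, any reply sourced from an RFC 1918 address and any probe that got no reply. The function names are hypothetical, and the notes in parentheses are treated as annotations rather than traceroute output.

```python
import ipaddress
import re

# Traceroute output quoted in the message above (elided hops left out).
SAMPLE = """\
traceroute to 203.48.15.97
18 139.130.115.165 134 ms 143 ms 120 ms (ext address of router)
19 203.48.15.100 122 ms 238 ms 258 ms (ext address of firewall)
20 203.48.15.97 146 ms 192.168.1.17 224 ms (int address of test server) 203.48.15.97 124 ms (ext address of test server)
traceroute to 203.48.15.101
18 139.130.115.165 122 ms 124 ms 155 ms (ext address of router)
19 203.48.15.100 133 ms 274 ms 300 ms (ext address of firewall)
20 203.48.15.101 137 ms * * (ext address of 2nd test server)
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# One token per match: a responder address, an RTT, or a lost probe ("*").
TOKEN = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})|(\d+(?:\.\d+)?) ms|(\*)")

def parse_hop(line):
    """Return (hop, [responder IP or None for each probe]), or None."""
    m = re.match(r"\s*(\d+)\s+(.*)", line)
    if not m:
        return None
    body = re.sub(r"\([^)]*\)", " ", m.group(2))  # drop "(...)" annotations
    probes, current = [], None
    for ip, rtt, star in TOKEN.findall(body):
        if ip:
            current = ip  # this address applies to the RTTs that follow it
        else:
            probes.append(current if rtt else None)  # None means no reply
    return int(m.group(1)), probes

def audit(text):
    """Return (target, hop, probe, finding) for private sources and lost probes."""
    findings, target = [], None
    for line in text.splitlines():
        if line.startswith("traceroute to "):
            target = line.split()[2]
            continue
        hop, probes = parse_hop(line) or (None, [])
        for i, ip in enumerate(probes, 1):
            if ip is None:
                findings.append((target, hop, i, "no-reply"))
            elif any(ipaddress.ip_address(ip) in net for net in RFC1918):
                findings.append((target, hop, i, "private-source " + ip))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```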
