Hi, maybe I don't explain my situation good enough. My clients connect to a cluster with a virutal ip x.1 and the answer packet comes from the real IP's x,2 or x.3 . The cluster is not in my network an is not administrated by me. I have no possibility to change this behavior. I hope with this and my first mail now the problem of me is clear. Best regards Daniel Fitzner ------------------------------------------------------------------------ ---- --------- Daniel Fitzner IT-Services T-Systems debis Systemhaus GEI GmbH / GS Berlin debis Haus am Potsdamer Platz 10875 Berlin mail: [EMAIL PROTECTED] fon: +49 30 2554-3266 fax: +49 30 2554-3187 -----Urspr�ngliche Nachricht----- Von: Allison, Mark [mailto:[EMAIL PROTECTED]] Gesendet: Mittwoch, 9. Mai 2001 20:09 An: Fitzner Daniel Betreff: RE: [FW1] Problem with connecting to a cluster Is this a logical server group? If so, you need to add a rule to allow access the logical server group after the access to the nodes within the group. Mark Allison > Global Cash Access / Central Credit, L.L.C. > 702-855-3037 voice > mailto:[EMAIL PROTECTED] > -----Original Message----- From: Fitzner Daniel [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 09, 2001 2:39 AM To: FW1-MailingList (E-mail) Subject: [FW1] Problem with connecting to a cluster Hello, we have a problem with connecting a client to a load balancing cluster. The cluster consists of three machines with ip 192.168.1.1, 192.168.1.2 and 192.168.1.3. The client always connects to the ip 192.168.1.1 but gets the answer packet from 192.168.1.2. If I have only the rules : Source Destination Service Action 192.168.1.1 CLIENT-IP 192.168.1.2 TCP-Destinationport accept 192.168.1.3 , the fw drops the answer packet from 192.168.1.2. I don't want to allow a rule like: Source Destination Service Action 192.168.1.2 CLIENT-IP TCP > 1023 accept Is there any other possible solution for this problem ???? Best regards Daniel Fitzner ------------------------------------------------------------------------ ---- --------- Daniel Fitzner IT-Services T-Systems debis Systemhaus GEI GmbH / GS Berlin debis Haus am Potsdamer Platz 10875 Berlin mail: [EMAIL PROTECTED] fon: +49 30 2554-3266 fax: +49 30 2554-3187 ======================================================================== ==== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ==== ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
