Hi,
I have a LEAF Bering 1.0-rc1 system (Shorewall 1.2.8) and have 5 static
external IP addresses to use. One IP is the primary of the firewall, I
am using proxy arp for three of the IPs (DMZ network servers), and
static NAT for the last IP (internal network system). This is a similar
setup to the newer example network in the Shorewall documentation.
Everything seems to work just fine, with one exception. After a long
period of idleness I find that I cannot connect to external and DMZ
hosts from the statically NAT'd system, though it can connect to
internal network hosts just fine. All other connections work as
configured (DMZ<->internal, internal (masq'd) <->Internet, ...), so
appears to be an issue specific to the static NAT.
When the problem occurs I cannot make any TCP connections to the
Internet, for example, from the static NAT'd PC. Also, if I ping an
Internet host from it, the packets are dropped by the firewall:
Shorewall:rfc1918:DROP:IN=eth0 OUT=eth0 SRC=<static_nat_host>
DST=<non-internal_network_host> ...
If I tracert (Windows traceroute, using ICMP) from this static_nat_host
to the same non-internal_network_host, the tracert works and then
everything works fine, thereafter, until I don't use the system for a
while (ex: turn it off, go to sleep, come back in the morning).
Just a guess: Is this an ARP issue with Shorewall?
Your suggestions would be appreciated.
Thanks,
Brian
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html