Erich Titl wrote:
> Hi folks
>
> I am putting this up in the hope someone has a deeper insight into the
> Linux IP stack than I
>
> I am running a pair of Bering boxes with a DMZ in between them, I call
> them greatwall and innerwall.
>
> In the DMZ there is a Linux based sendmail MTA.
>
> I have ICMP redirect send and accept enabled on all the interfaces of
> the firewalls looking at the DMZ, e.g. on innerwall and on greatwall.
>
> If I set the default route of the MTA to the DMZ interface on greatwall
> (the external firewall) everything works fine.
>
> If I set the default route of the MTA to the DMZ interface on innerwall
> there are two scenarios.
>
> 1) If I ping an external host, e.g. one reachable through greatwall I see
>
> ICMP echo request goes to the innerwall DMZ interface
> ICMP redirect host is sent from innerwall to the mta with a nexthop on
> the DMZ interface of greatwall
>
> Now everything works as expected.
>
> 2) If I attempt to do the same with a TCP connection on port 25 I do not
> see the ICMP redirect, which I would expect. Neither is the route in
> cache honoured.

Is the innerwall running firewall rules and possibly dropping the TCP traffic?

Regardless, I recommend you set up your DMZ systems with the appropriate default route (pointing to the upstream host) and whatever static routes are required to talk to the network(s) behind the innerwall box.

-- 
Charles Steinkuehler
[EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/