Charles

Charles Steinkuehler wrote:

...

> 
> Is the innerwall running firewall rules and possibly dropping the TCP
> traffic?

Possibly, I could not find any indication of this dropped traffic in the
firewall logs though. Mind you, I am not running shorewall but a
firewall script generated with fwbuilder. The traffic in question would
have to be routed back through the same interface. I have not yet found
out what exactly the routeback option in the shorewall interface does.

> 
> Regardless, I recommend you set up your DMZ systems with the appropriate
> default route (pointing to the upstream host) and whatever static routes
> are required to talk to the network(s) behind the innerwall box.

That is my standard setup and it probably will remain that way for the
systems which have lots of external connections. The number of networks
connected to innerwall is quite big, so I wanted to have less
configuration work to do for those DMZ machines. I am aware of the
inherent overhead of ICMP redirects.

Thanks

Erich
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
