I messed the first post up; let me try again. I am just going to make the
changes in the text and resend it. Sorry, was asleep at the keyboard.

thanks
paonia

> If this is the wrong list please point me in the right direction. I have
> posted this to several lists with no response.
>
> I have a Linux 2.0.36 based firewall. Its outside IP is 10.0.0.2/27(eth0).
> Its inside IP is 11.0.0.1/24(eth1). All traffic that is not for 11.0.0.0
> goes from eth1 to eth0 and then onto the world.
>
> I want to route traffic to 12.0.0.0/24 via 11.0.0.2 (a VPN box)
> so I added:
>
> /sbin/route add -net 12.0.0.0 netmask 255.255.255.0 gw 11.0.0.2
>
> which creates the following route:
> 12.0.0.0 11.0.0.2 255.255.255.0 UG 0 0 172 eth1
>
> If I try to telnet or ftp from the firewall to (12.0.0.7) everything is
> fine, but if I try to telnet or ftp from 11.0.0.100, ftp does not work and
> gives me a service not available error. Telnet closes the first time
> and then stays open for 10-60 seconds or so and drops me back to the place
> I telnetted from.
>
> If I do a ping from 11.0.0.100 (a Solaris 2.6 box) I see the following:
> ICMP Host redirect from gateway firewall.domain.com (11.0.0.1)
> to 11.0.0.2 for 12.0.0.7
>
> I was tcpdumping for the vendor on the 11.0.0.2 box and they tell me
> when I ping 12.0.0.7 the return packet has the MAC address of the 11.0.0.1
> so they think ipfwadm might be messing with the packets in some way
> because there is no way they can be coming back from 11.0.0.1.
>
> If I switch the default route on 11.0.100 to 11.0.0.2, ftp and telnet work
> fine. And have 11.0.0.2 route non 12.0.0.0/24 traffic to 11.0.0.1.
>
> If anyone can tell me how to fix this, I would be very grateful.
>
> Thanks,
> paonia
>

----- End of forwarded message from Paonia Ezrine -----
