On 05/22/2012 08:08 AM, Sam Cappello wrote:

>     connection request is reaching the firewall and is being redirected
>     to the server. In this case, the problem is usually a missing or
>     incorrect default gateway setting on the local system (the system
>     you are trying to forward to -- its default gateway must be the IP
>     address of the firewall's interface to that system unless you use
>     the hack described in FAQ 1f
>     <http://www.shorewall.net/FAQ.htm#faq1f>). <sam> default gw is set
>     to firewall

>         conntrack table shows [UNREPLIED] ex. tcp 6 77 SYN_SENT
>         src=198.152.13.67 dst=24.129.159.12 sport=51395 dport=80
>         packets=1 bytes=60 [UNREPLIED] src=172.16.90.36
>         dst=198.152.13.67 sport=80 dport=51395 packets=0 bytes=0 mark=0
>         use=2
>

SYN_SENT means that the firewall has sent the packet to 172.16.90.36 who 
has not responded.

You need to use tcpdump on eth2:

        tcpdump -nei eth2 port 80

Pay particular attention to the MAC addresses of the SYNs being sent to 
172.16.90.36 and the SYN,ACKs being returned to the client. While you 
stated that you power-cycled the switches, the server itself can have 
the same issue when you swap default routers.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
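A small parser for the conntrack table lines quoted above, added here as an illustration (not part of the original thread or of Shorewall): it picks out DNAT'd flows whose internal server has sent nothing back, which is exactly the [UNREPLIED] SYN_SENT symptom Tom describes. The sample table is constructed from the entry Sam posted plus a made-up healthy flow; the line format assumed is the `ip_conntrack` / `conntrack -L` style shown in the quote.

```python
import re
from dataclasses import dataclass

# Constructed sample input: first line is the [UNREPLIED] entry from the thread,
# second line is a made-up established DNAT flow for contrast.
SAMPLE_CONNTRACK = """\
tcp 6 77 SYN_SENT src=198.152.13.67 dst=24.129.159.12 sport=51395 dport=80 packets=1 bytes=60 [UNREPLIED] src=172.16.90.36 dst=198.152.13.67 sport=80 dport=51395 packets=0 bytes=0 mark=0 use=2
tcp 6 431999 ESTABLISHED src=10.0.0.5 dst=24.129.159.12 sport=40000 dport=443 packets=12 bytes=1800 src=172.16.90.40 dst=10.0.0.5 sport=443 dport=40000 packets=10 bytes=9000 [ASSURED] mark=0 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")

@dataclass
class Flow:
    proto: str
    state: str
    orig: dict      # tuple as the client sent it (dst = firewall's public address)
    reply: dict     # tuple the server must answer with (src = internal host after DNAT)
    unreplied: bool

def parse_line(line):
    """Parse one conntrack line into a Flow; returns None for lines we do not understand."""
    fields = line.split()
    if len(fields) < 4 or fields[0] not in ("tcp", "udp"):
        return None
    proto = fields[0]
    state = fields[3] if proto == "tcp" else ""
    # The original and reply tuples each start with their own src=; split on the second one.
    _, _, tail = line.partition("src=")
    orig_txt, _, reply_txt = tail.partition("src=")
    orig = dict(KV.findall("src=" + orig_txt))
    reply = dict(KV.findall("src=" + reply_txt))
    return Flow(proto, state, orig, reply, "[UNREPLIED]" in line)

def unanswered_dnat(table):
    """Return (internal_server, client, dport) for DNAT'd flows the server never answered.
    DNAT shows up as the reply tuple's src differing from the original tuple's dst."""
    hits = []
    for line in table.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        dnat = f.reply["src"] != f.orig["dst"]
        if dnat and f.unreplied and int(f.reply.get("packets", "0")) == 0:
            hits.append((f.reply["src"], f.orig["src"], f.orig["dport"]))
    return hits

if __name__ == "__main__":
    for server, client, port in unanswered_dnat(SAMPLE_CONNTRACK):
        print(f"{server} never replied to {client} on port {port}: check its default gateway")
```

Feed it the output of `cat /proc/net/ip_conntrack` or `conntrack -L` from the firewall; each hit is an internal host whose SYN,ACK is not coming back, which is where the tcpdump on eth2 should be pointed next.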

Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
