OK, here's the picture:  WAN has a machine on it for some stuff I'm testing that's multihomed.  Has one NIC on WAN switch and one NIC on the internal LAN switch.

DMZ switch has four machines in it.

I have 1 to 1 NAT running on two LAN servers.  One for outlook web access, one for an FTP site that I use when I'm offsite and need a couple files.

Everything works just perfectly.  From any machine outside, every rule does what I want it to do.

However...

My notebook sometimes ends up on the WAN switch when I want to do some port scans and such, or just for testing the rules and the access when I make adjustments to the ruleset.

So right now, it's on one of the 128 addresses I have that are public addresses.  It works fine outbound anywhere.  It can find the sonicwall for the VPN client, and I can VPN in through the sonicwall just fine and get at my internal network.

I can also use the windows 2000 VPN server I have running and get in that way as well.

However, yesterday my notebook suddenly would no longer access anything but the two VPN options.  I couldn't get to any of the open things into my DMZ like HTTP or FTP.  I couldn't get at any of the 1 to 1 NAT.  I could only see the one machine that I had outside of the firewall in the WAN switch.

*BUT* that machine could see everything fine that my notebook couldn't see, so I knew the firewall was still working right.  I could use my notebook to take PC Anywhere control of my server at home, and *that* machine could see everything and access everything just fine.  All machines could.  I pulled one of the spare desktops out, gave it the same IP I had been using on my notebook, unplugged the notebook, plugged in the desktop, and it could see everything just fine.

I thought maybe my notebook got horked up somehow.  So I rebuilt it from the ground up.  Same deal immediately, even after a fresh install of XP Pro with no other software installed yet.

This morning I bounced the Pro-300, since I couldn't do that yesterday during business hours.  And that fixed the problem.

Now, however, I have reinstalled my Sonicwall VPN client (version 8).  VPN works fine, but I'm right back to square one.  Once again, my notebook won't see anything from outside.  I haven't tried it from a different network since I haven't had the opportunity, but I will when I get home tonight from work.  But it shouldn't matter.

I'm guessing it'll clear up again once I bounce the firewall tonight again.

I'm wondering if there's something getting cached when I'm VPN'd in.  I see IP Spoof errors in my log when I use my Microsoft VPN.  It shows the "internal" address my VPN adapter got as the source in the WAN, and whatever machine I was trying to reach as the destination.  But it has the right MAC address for my network card.

So I'm wondering if that's what's hosing me up.  Could something be cached with the goofy information from my MAC address?  I can't find anything else that would cause this, but since this is the only notebook I have to play with, the rest being production machines assigned to other people, I can't try to duplicate it with someone else's equipment...

Just hoping that maybe someone else saw something similar, and might have a solution for me.  Bouncing the firewall is not an answer I like.  I'd rather try to fix the problem, not keep using a band-aid on it by rebooting the Pro-300.

I remembered a few threads in the past regarding the /diag.html page of the firewall - I looked in there, but other than flushing the ARP cache (which I tried, what the heck), I'm not sure what might be causing this, and don't want to break it when there's nothing else wrong.

Thanks for any info or guesses.

John
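As an added illustration (not part of John's post and not SonicWall code), here is a small Python check for the condition he suspects: one NIC's MAC appearing on the WAN side with both its public address and the private address the VPN adapter was handed. The log line layout, addresses and MACs below are constructed for the example and are not the Pro-300's real log format.

```python
"""Flag a MAC that sources traffic on the WAN from both a public address and
an RFC 1918 (VPN-assigned) address, the pattern behind "IP Spoof" entries."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log; the field layout is an assumption for this example
# and is not the firewall's actual log format.
SAMPLE_LOG = """\
2004-03-01 09:12:01 WAN src=203.0.113.40 dst=203.0.113.20 mac=00:0c:29:aa:bb:cc msg=Allowed
2004-03-01 09:12:05 WAN src=192.168.10.77 dst=203.0.113.20 mac=00:0c:29:aa:bb:cc msg="IP Spoof"
2004-03-01 09:12:09 WAN src=203.0.113.41 dst=203.0.113.21 mac=00:50:56:11:22:33 msg=Allowed
2004-03-01 09:12:30 WAN src=192.168.10.77 dst=203.0.113.22 mac=00:0c:29:aa:bb:cc msg="IP Spoof"
"""

# RFC 1918 ranges; a VPN client adapter address will normally sit in one of these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<iface>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"mac=(?P<mac>[0-9a-f:]{17}) msg=(?P<msg>.*)$"
)

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_dual_address_macs(text, iface="WAN"):
    """Return {mac: {"public": set, "private": set}} for MACs seen on `iface`
    with both kinds of source address. A hit means one physical NIC is sending
    under two identities, which a stale ARP or session cache can latch onto."""
    seen = defaultdict(lambda: {"public": set(), "private": set()})
    for rec in parse_log(text):
        if rec["iface"] != iface:
            continue
        try:
            ip = ipaddress.ip_address(rec["src"])
        except ValueError:
            continue  # unparsable source address, ignore the line
        bucket = "private" if any(ip in n for n in RFC1918) else "public"
        seen[rec["mac"]][bucket].add(str(ip))
    return {mac: v for mac, v in seen.items() if v["public"] and v["private"]}

if __name__ == "__main__":
    for mac, addrs in find_dual_address_macs(SAMPLE_LOG).items():
        print(mac, "public:", sorted(addrs["public"]), "private:", sorted(addrs["private"]))
```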