Hi Tom, Thanks for the response. Yes, I did have the setup you described.
To do some packet captures for early testing, I had moved the external interface of the LEAF router and the internal interface of my DSL modem to a hub that was on the same LAN as my internal network. I moved things back to the way they should have been and haven't seen the problem again. If I need to capture packets in the future, I'll get another hub to keep the network properly segmented. Thanks, Brian Tom Eastep wrote: >On Fri, 17 May 2002, Brian Credeur wrote: > >>Hi, >> >>I have a LEAF Bering 1.0-rc1 system (Shorewall 1.2.8) and have 5 static >>external IP addresses to use. One IP is the primary of the firewall, I >>am using proxy arp for three of the IP's (DMZ network servers), and >>static NAT for the last IP (internal network system). This is a similar >>setup to the newer example network in the Shorewall documentation. >> >>Everyting, seems to work just fine, with one exception. After a long >>period of idleness I find that I cannot connect to external and DMZ >>hosts from the statically NAT'd system, though it can connect to >>internal network hosts just fine. All other connections work as >>configured (DMZ<->internal, internal (masq'd) <->Internet, ...), so >>appears to be an issue specific to the static NAT. >> >>When the problem occurs I cannot make any TCP connections to the >>Internet, for example, from the static NAT'd PC. Also, if I ping an >>Internet host, from it the packets are dropped by the firewall: >> Shorewall:rfc1918:DROP:IN=eth0 OUT=eth0 SRC=<static_nat_host> >>DST=<non-internal_network_host> ... >> > >Do you have both sides of your firewall connected to the same hub or >switch? > >-Tom >-- >Tom Eastep \ Shorewall - iptables made easy >AIM: tmeastep \ http://www.shorewall.net >ICQ: #60745924 \ [EMAIL PROTECTED] > >_______________________________________________ >Shorewall-users mailing list >[EMAIL PROTECTED] >http://www.shorewall.net/mailman/listinfo/shorewall-users > > _______________________________________________________________ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
