If this is the wrong list please point me in the right direction. I have
posted this to several lists with no response.
I have a Linux 2.0.36 based firewall. Its outside IP is 10.0.0.2/27 (eth0).
Its inside IP is 11.0.0.1/27 (eth1). All traffic that is not for 11.0.0.0
goes from eth1 to eth0 and then onto the world.
I want to route traffic to 12.0.0.0/24 via 11.0.0.2 (the ravlin)
so I added:
/sbin/route add -net 12.0.0.0 netmask 255.255.255.0 gw 11.0.0.2
which creates the following route:
12.0.0.0 11.0.0.2 255.255.255.0 UG 0 0 172 eth1
If I try to telnet or ftp from the firewall to (12.0.0.7) everything is
fine but if I try to telnet or ftp from 11.0.0.100, ftp does not work and
gives me a service not available error. Telnet closes the first time
and then stays open for 10-60 seconds or so and drops me back to the place
I telnetted from.
If I do a ping from 11.0.0.100 (a Solaris 2.6 box) I see the following:
ICMP Host redirect from gateway firewall.domain.com (11.0.0.1)
to 11.0.0.2 for 12.0.0.7
I was tcpdumping for the vendor on the 11.0.0.2 box and they tell me
when I ping 12.0.0.7 the return packet has the MAC address of the 11.0.0.1
so they think ipfwadm might be messing with the packets in some way
because there is no way they can be coming back from 11.0.0.1.
If I switch the default route on 11.0.100 to 11.0.0.2 ftp and telnet work
fine. And have 11.0.0.2 route non 12.0.0.0/24 traffic to 11.0.0.1.
If anyone can tell me how to fix this, I would be very grateful.
Thanks,
paonia