Greetings:

        I'm slowly yanking out my hair over this one, and didn't see
anything similar in the archives.

        I had a Linux box with iptables and 2.4.13, two external NICs. One
talks to my internal net (192.168.1.0), the other to my internet network
(1.1.1.0). On the inside network, I have a server (192.168.1.10) I want to
make available through the firewall via ssh. 
        On the external NIC, I set up a virtual address (1.1.1.100) as
eth0:0. 
        There are tables and rules that move the packets into the internal
network and to the server. This has worked great for months (for http/https
and ftp, too). 
        Last week, I set up a new box that is essentially identical to the
first (only the hostnames and hardware are different). With a couple of
exceptions, the iptables script on the new box sets up IDENTICALLY to the
first. The ifconfig routine sets up the virtual address, and the host names
all resolve properly on the external network. 
        However, I cannot get ANY responses from the machine behind the
firewall. My logs on the new firewall show a connection being made between
the requesting systems and the system behind the firewall, but I get no
response back from the internal machine. I've tried different virtual
addresses, different requesting systems, and the target system refuses to
reply. I even reverted back to kernel 2.4.13 from 2.4.17 on the new machine.
I ran tcpdump and attempted to connect to see if there were any errors. I
can see packets on the target machine, but nothing seems to get back to the
other side.
        When I switch things back to the old machine, it works fine.

        I'm really stumped on this. I'd like to get the new machine up as
it's more powerful than the old box, but I cannot, for the life of me, see
anything wrong here. Does anyone have suggestions as to where I might look
that I haven't? 

        Thanks.
        

Joe Dougherty
Information Technology Systems Officer
NAVLANTMETOCFAC Jacksonville
(904) 542-2541 ext. 35 (comm)
942-2541 ext. 35 (DSN)
[EMAIL PROTECTED]
https://www.nlmof.navy.mil

"rm -rf /bin/laden"



