Is the PIX a stand-alone or does it have the failover module as well? If
it has the failover box, it is possible that when the conduit and static
translation were added to the primary, they never did a "wr stand" after
the "wr mem". If the primary PIX went down and the failover took its
place, it wouldn't know anything about that conduit or translation.

Kenny

John Abreau wrote:
> 
> I've got a linux box with a web server that I can't access properly since
> this morning. It's at a colocation site, behind a PIX firewall with a
> static conduit to it on port 80.
> 
> I've got two subnets at the site, with several machines on either side. Of
> the four web servers on the PIX's inside subnet, I can access three from
> anywhere (telnet ipaddr 80), but the fourth I can only access from the
> subnet inside the PIX and the subnet immediately outside the PIX.
> 
> I checked the routing tables and ifconfig settings, and there are no
> differences between the machines (aside from the ip and mac addresses, of
> course). The static conduits for the four machines appear to be configured
> identically on the PIX (I telnetted to the PIX and did a "write term" to
> get a dump of its current settings). I'm waiting for a couple of our guys
> to arrive at the colocation site to reboot the PIX, just in case the
> settings I'm seeing don't reflect its current behavior.
> 
> This behavior doesn't make sense to me. I can't think of anything that
> would break this one server but not affect the other three identical
> servers.
> 
> What could I be overlooking?
> 
> --
> John Abreau / Executive Director, Boston Linux & Unix
> ICQ#28611923 / AIM abreauj / Email [EMAIL PROTECTED]
> 
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************

-- 
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************************************
Paranoia: It's not just for breakfast anymore
Linux: The last service pack that you will ever need
***********************************************************
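
The mismatch suggested in the reply above (a static and conduit saved on the primary but never written to the standby) can be checked by comparing "write term" dumps from both units. This is an added example, not part of the original messages; the config excerpts, addresses and function names are constructed for illustration.

```python
# Constructed "write term" excerpts; addresses are documentation ranges,
# not values from the thread.
PRIMARY = """\
static (inside,outside) 192.0.2.11 10.1.1.11 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.14 10.1.1.14 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.11 eq www any
conduit permit tcp host 192.0.2.14 eq www any
"""
STANDBY = """\
static (inside,outside) 192.0.2.11 10.1.1.11 netmask 255.255.255.255 0 0
conduit  permit tcp host 192.0.2.11 eq www any
"""


def rules(config_text):
    """Collect static/conduit lines, with whitespace normalized."""
    found = set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if line.startswith(("static ", "conduit ")):
            found.add(line)
    return found


def global_ip(rule):
    """Return the outside (global) address a static or conduit line names."""
    parts = rule.split()
    if parts[0] == "static":
        return parts[2]  # static (if,if) <global> <local> ...
    # conduit permit <proto> host <global> ...  or  <global> <mask> ...
    return parts[4] if parts[3] == "host" else parts[3]


def missing_on_standby(primary_text, standby_text):
    """Group rules present on the primary but absent on the standby by global IP."""
    missing = {}
    for rule in sorted(rules(primary_text) - rules(standby_text)):
        missing.setdefault(global_ip(rule), []).append(rule)
    return missing


if __name__ == "__main__":
    for ip, lines in missing_on_standby(PRIMARY, STANDBY).items():
        print(f"{ip}: on primary only")
        for line in lines:
            print("   ", line)
```
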
