Multiple FWs for the same nodes



Hi,

I have a network topology like this,

             |                     |
           FW1-A                 FW1-B
    Net-A ___|__________________   |
               |             |     |
             Node-1  ...  Node-n   |
    Net-B _____|_____________|_____|__


Each node has 2 interfaces with 2 IPs in Net-A and Net-B respectively, and
certainly the routing function on them is disabled. The problem appears when
I put this topology into practice. When I set the defaultrouter of the
nodes to FW1-A, I can't connect to them from outside by the Net-B addresses,
and vice versa.

Looking into the logs, I find that, when the defaultrouter is set to FW1-A,
the packets of the connection attempt from outside to the Net-B address come in
via FW1-B, but the responding packets go out via FW1-A because of the
defaultrouter setting, and are dropped by FW1-A as "unknown established TCP
packet".

Then I think maybe my topology is impractical under a stateful inspection mechanism.
But I'm not sure about this.

Occasionally, I find that if a node is Win2000, it can be connected from
outside by either address. And the policies and properties of the FWs are
the same. So strange!

Is there any explanation or solution?

Thanks.

Winway
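The log behaviour described in the post (the SYN creates state on FW1-B, the SYN/ACK leaves through FW1-A and is dropped for lacking state) is exactly what a stateful firewall pair does with asymmetric routing. The following is an added illustration, not code from the original post or from any firewall product: a toy model of two stateful firewalls in front of a dual-homed node. The address ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), the port numbers and the "one table entry per flow, non-SYN without state is dropped" rule are assumptions chosen for the example. The `source_policy_route` function shows the usual remedy, choosing the egress firewall by the reply's source address instead of by a single default route; that remedy is the editor's addition and is not something the post itself arrives at.

```python
"""
Toy model (added example, not from the original post): two stateful
firewalls, FW1-A and FW1-B, in front of a dual-homed node. Demonstrates
why a node whose defaultrouter points at FW1-A cannot be reached on its
Net-B address, and how a per-source routing decision avoids the problem.
All addresses and ports below are hypothetical.
"""
from dataclasses import dataclass, field

NET_A = "192.0.2."        # hypothetical Net-A prefix (behind FW1-A)
NET_B = "198.51.100."     # hypothetical Net-B prefix (behind FW1-B)
NODE_A = NET_A + "10"     # the node's Net-A address
NODE_B = NET_B + "10"     # the node's Net-B address
CLIENT = "203.0.113.5"    # hypothetical outside client


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False      # True only for the connection-opening packet


@dataclass
class StatefulFirewall:
    name: str
    table: set = field(default_factory=set)   # known flows
    log: list = field(default_factory=list)

    def forward(self, pkt: Packet) -> bool:
        # Direction-independent flow key: SYN and SYN/ACK map to one entry.
        key = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})
        if pkt.syn:
            self.table.add(key)      # new connection: create state
            self.log.append(f"{self.name}: NEW {pkt.src}:{pkt.sport} "
                            f"-> {pkt.dst}:{pkt.dport}")
            return True
        if key in self.table:
            return True              # matches an established flow
        # Mid-stream packet with no matching state: stateful drop.
        self.log.append(f"{self.name}: DROP unknown established TCP packet "
                        f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return False


def default_route(fw_a, fw_b, pkt):
    """The node's only routing rule: off-link traffic goes to FW1-A."""
    return fw_a


def source_policy_route(fw_a, fw_b, pkt):
    """Pick the egress firewall by the reply's *source* address (policy routing)."""
    return fw_b if pkt.src.startswith(NET_B) else fw_a


def attempt_connection(node_addr, egress_policy):
    """Outside client opens TCP to node_addr through the firewall pair.

    Returns (reply_reached_client, combined_firewall_log).
    """
    fw_a = StatefulFirewall("FW1-A")
    fw_b = StatefulFirewall("FW1-B")
    # Inbound path is chosen by destination network, as in the post's topology.
    ingress = fw_b if node_addr.startswith(NET_B) else fw_a
    syn = Packet(CLIENT, node_addr, 40000, 22, syn=True)
    if not ingress.forward(syn):
        return False, fw_a.log + fw_b.log
    # The reply's path is the node's own routing decision.
    synack = Packet(node_addr, CLIENT, 22, 40000)
    egress = egress_policy(fw_a, fw_b, synack)
    return egress.forward(synack), fw_a.log + fw_b.log


if __name__ == "__main__":
    for addr in (NODE_A, NODE_B):
        for policy in (default_route, source_policy_route):
            ok, log = attempt_connection(addr, policy)
            print(f"{addr} via {policy.__name__}: {'OK' if ok else 'FAILED'}")
            for line in log:
                print("   ", line)
```

Run as a script, the Net-B attempt under `default_route` ends with an `FW1-A: DROP unknown established TCP packet` line, matching the log message in the post; under `source_policy_route` the reply goes back through FW1-B, which holds the state, and both addresses are reachable. On a Linux node the real equivalent of `source_policy_route` is a rule such as `ip rule add from <Net-B address> table 200` together with `ip route add default via <FW1-B address> table 200`, so that replies sourced from the Net-B address leave via FW1-B.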




_______________________________________________
Firewalls mailing list
Firewalls@lists.gnac.net
http://lists.gnac.net/mailman/listinfo/firewalls
