On Fri, Apr 08, 2005 at 01:21:36PM +0200, Carlos wrote:
> Hello List:
>
> Sorry for my English. I have a firewall with Debian Woody installed
> with kernel 2.4.29. It is connected to the Internet through an HDSL
> line with a Cisco 1721 router in bridge mode. It has 5 public IPs
> configured by IP aliasing. The firewall works correctly, although
> 4 or 5 days ago one of the configured IPs stopped being accessible
> from the Internet, while from inside the network it responds correctly.
> Doing ifdown and ifup on the interface does not fix anything. If I configure
> some host inside the network with that IP, it is accessible from
> the Internet. Finally, if I power off the router and power it on again, all
> works correctly. Any suggestion?

It might be an ARP problem. Cisco ships its routers with an ARP cache TTL of 4 hours.

So, if I understand correctly, you have the following setup:

Internet Line -------- Cisco Bridge --------- FW with 5 interfaces

Now, if any address on the FW that is known to the bridge is connected to other hardware than before, the Cisco will not pick up the change until the ARP cache is cleared.

On the Cisco, check the ARP settings:

sh arp -- check the coupling between IP and hw addresses with your FW.

You can also change the ARP cache timeout to a more sane value.

Regards,
Elton
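The "check the coupling between IP and hw addresses" step above can be done mechanically rather than by eye. The script below is an added example, not code from the thread or from either poster: it parses a `show arp` listing in the layout Cisco IOS commonly prints (Protocol / Address / Age (min) / Hardware Addr / Type / Interface), normalizes Cisco's dotted MAC form to the colon form Linux tools print, compares each of the firewall's aliased IPs against what the router believes, and, using the 4-hour TTL mentioned in the reply, estimates how long a stale entry will persist if the cache is not cleared. The `show arp` text, the 203.0.113.x addresses, the MAC addresses and the `FIREWALL_IPS` map are all constructed for the example; on a real box the map would be built from `ip -o addr` and `ip -o link` output on the Debian firewall.

```python
"""Cross-check a Cisco 'show arp' table against the firewall's own interface
MACs, to find stale entries that would explain one aliased IP being reachable
from inside but not from the Internet. Hypothetical example with constructed data."""
import re

# Constructed sample of Cisco 'show arp' output (not captured from a real router).
# Age is in minutes; '-' marks the router's own address.
SHOW_ARP_SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0011.2233.4455  ARPA   FastEthernet0
Internet  203.0.113.10           12   00d0.b7aa.bb01  ARPA   FastEthernet0
Internet  203.0.113.11           15   00d0.b7aa.bb01  ARPA   FastEthernet0
Internet  203.0.113.12          187   00a0.c9ee.ff02  ARPA   FastEthernet0
Internet  203.0.113.13            3   00d0.b7aa.bb01  ARPA   FastEthernet0
Internet  203.0.113.14            0   00d0.b7aa.bb01  ARPA   FastEthernet0
"""

# Constructed: the firewall's aliased public IPs and the MAC of the interface
# that carries them (all five aliases share one NIC, as in the thread).
FIREWALL_IPS = {
    "203.0.113.10": "00:d0:b7:aa:bb:01",
    "203.0.113.11": "00:d0:b7:aa:bb:01",
    "203.0.113.12": "00:d0:b7:aa:bb:01",  # the one that is unreachable from outside
    "203.0.113.13": "00:d0:b7:aa:bb:01",
    "203.0.113.14": "00:d0:b7:aa:bb:01",
}

CISCO_DEFAULT_ARP_TIMEOUT_MIN = 4 * 60  # 4-hour ARP cache TTL, as stated in the reply

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+\S+\s+(?P<iface>\S+)"
)


def normalize_mac(mac):
    """Accept 0011.2233.4455, 00:11:22:33:44:55 or 00-11-22-33-44-55 and return
    the lower-case colon form so router and firewall values compare equal."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError("bad MAC: %r" % mac)
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_show_arp(text):
    """Parse 'show arp' lines into {ip: (mac, age_minutes_or_None, interface)}.
    Header and unrelated lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue
        age = None if m.group("age") == "-" else int(m.group("age"))
        table[m.group("ip")] = (normalize_mac(m.group("mac")), age, m.group("iface"))
    return table


def find_stale_entries(arp_table, expected, timeout_min=CISCO_DEFAULT_ARP_TIMEOUT_MIN):
    """Return {ip: (kind, router_mac, minutes_until_expiry)} for each problem.

    'mismatch': the router maps the IP to a MAC other than the firewall's; absent a
    manual clear, it keeps doing so for roughly (timeout - age) more minutes.
    'missing':  the router has no ARP entry for the IP at all.
    """
    problems = {}
    for ip, mac in expected.items():
        want = normalize_mac(mac)
        if ip not in arp_table:
            problems[ip] = ("missing", None, None)
            continue
        have, age, _iface = arp_table[ip]
        if have != want:
            remaining = None if age is None else max(timeout_min - age, 0)
            problems[ip] = ("mismatch", have, remaining)
    return problems


if __name__ == "__main__":
    table = parse_show_arp(SHOW_ARP_SAMPLE)
    for ip, (kind, have, remaining) in sorted(find_stale_entries(table, FIREWALL_IPS).items()):
        if kind == "mismatch":
            print("%s: router has %s, firewall has %s; expires in ~%s min unless cleared"
                  % (ip, have, normalize_mac(FIREWALL_IPS[ip]), remaining))
        else:
            print("%s: no ARP entry on the router" % ip)
```

With the constructed data the only finding is 203.0.113.12, which the router still ties to a MAC that is not the firewall's, matching the symptom in the question: the router keeps forwarding that address to the old hardware until the entry ages out or the cache is cleared, while hosts on the inside, which resolve ARP themselves, reach it fine.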