
Re: Linux bridge TCP routing problem



On Tue, Mar 30, 2010 at 3:07 PM,  <lare@puhti.com> wrote:
> Hello folks
>
> I have following setup:
>
>           DMZ public IP 4
>           DMZ public IP 3
>                  |
> Internet---br0, public IP 1 (eth0 is internet side and eth1 is DMZ side)
>           br0:0, public IP 2---nat (eth2)---private IP
>
> Problem is that sometimes (2-4 times a day) DMZ public IP 3 cannot
> make a TCP connection to br0:0 public IP 2. The connection is lost for 5
> minutes to 5 hours and fixes itself. The connection can be fixed manually
> by running the command "nmap public IP 2" from DMZ public IP 3. ICMP and UDP
> protocols work fine. When the system is broken and I try to make a
> TCP connection from DMZ public IP 3 to public IP 2 while dumping eth2, I see
> some of the packets there. When the system is working, those packets cannot be
> seen on eth2. DMZ public IP 3 can connect all the time to the other mentioned
> IPs. This system broke when we removed all physdev things from our
> firewall and upgraded from etch to lenny. Does anybody have a clue what

Sounds like you are having firewall issues; nmap is probably setting
up connection tracking and allowing packets to flow again.

What I don't understand is why you need to use bridging? Trying to
save IP addresses?

You can put iptables -j LOG rules in to test where packets are
getting to; a good rule of thumb is to log packets before dropping/rejecting
them.

physdev is important when you are firewalling bridge devices.


> could cause the problem, or at least what could I do to investigate this
> problem more?
>
> System is Debian Lenny with default kernel 2.6.26-2-686
>
> -Lauri-
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/082ae19851cb6ef9852c548143c41206.squirrel@ssl.puhti.com

