Ok. I have been playing with this firewall for a few days now, and I can say Good Job over the rest that I have tested. But, there is a problem/bug, and I wanted to know if anyone has seen this.
I have ETH2 as my public interface (using private addresses to simulate a real-world implementation). All of my other interfaces have their own completely different subnet. Anyways, when I go to add an alias to ETH2, ASL will add it. BUT, when I add an additional alias to the same interface, the prior alias interface is deleted from the firewall. How do I know this happens, you ask? I want to provide HTTPS access to two different servers in the DMZ zone, and I can telnet to port 443 on one of the aliases, but not the other. And yes, I do have the correct packet filters in place, because before I added the other alias I was able to telnet to port 443.
Anyways, I then looked in REPORTING -> NETWORK and in the "Network interface cards" section, the second alias is there and not the prior alias.
So, I go back to MASQ/NAT and delete the DNAT entry I have, delete the Alias Interface, and re-create it. I go back to the "Network interface cards" section, and this alias interface is there and not the other.
Is this because I am still running the EVALUATION VERSION, or is this a bug within the code (just waiting for my Power User license)? I haven't tried to SSH into the box and manually add the alias interface yet, but I'm not sure if it will work. I presume it will.
Oh, and I am running ASL 3.205 and have 3 Intel Pro 100 NICs installed.
Thanks for any and all inputs.
[ 08 August 2002, 12:49: Message edited by: Chris Lynch ]