Hope some expert out there can give me some insight on this...
I have 3 NICs:
eth0 - LAN
eth1 - private leased line to another branch (IP 10.8.0.2, GW 10.8.0.1)
eth2 - internet (IP x.x.x.x, GW y.y.y.y - default GW)
All internet traffic is masqueraded, and that is working fine. The connection through the eth1 private leased line accesses another set of IPs on the other side, such as 147.a.a.a, so I created a route for this, and also a masq on this interface. Packets are routed and masqueraded to src IP 10.8.0.2. There is a Checkpoint firewall on the other side protecting the range 147.a.a.a.
Now my problem is this: most of the time, connections to 147.a.a.a are OK, but some connections get dropped by the Checkpoint. The Checkpoint log reveals a SYN packet was received on an existing connection. A little sniffing shows that the masq done by Astaro was a bit odd. The src IP was translated correctly to 10.8.0.2, but the src port starts at 1029 -> around 4000. It seems to me Astaro did not perform the src port translation and is still using the client's src port, which causes the clash of src ports as detected by Checkpoint. From what I understand, Linux masq by default uses ports > 61000. Anyone know whether the masq port range is configurable?
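The behaviour described above (the NAT keeping each client's own source port, and the far-side firewall then seeing a fresh SYN on a 5-tuple it still tracks) can be shown with a small model. The code below is an added illustration, not code from the original post, from Astaro or from netfilter; it is a deliberately simplified assumption of how source ports are chosen: the client's port is kept when it lies inside the allowed range and is not already in use toward the same destination, otherwise the first free port of the range is taken. The `port_range` argument stands in for the `--to-ports` option of iptables' MASQUERADE target, which bounds the range the NAT may use. The client and server addresses are constructed sample values.

```python
"""Constructed model of masquerade source-port selection and of the
"SYN on an existing connection" symptom a remote stateful firewall logs
when a translated 5-tuple is reused. Illustrative only; not netfilter
or Astaro code (assumption: preserve-if-free, else first free port)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Translated tuple as seen on the far side: (proto, nat_ip, nat_port, dst_ip, dst_port)
NatTuple = Tuple[str, str, int, str, int]


class Masquerader:
    """Simplified, hypothetical model of MASQUERADE source-port choice."""

    def __init__(self, nat_ip: str, port_range: Optional[Tuple[int, int]] = None):
        self.nat_ip = nat_ip
        # Default range for unprivileged client ports; a --to-ports style range narrows it.
        self.lo, self.hi = port_range if port_range else (1024, 65535)
        self.table: Dict[NatTuple, Flow] = {}

    def _tuple(self, flow: Flow, port: int) -> NatTuple:
        return (flow.proto, self.nat_ip, port, flow.dst_ip, flow.dst_port)

    def translate(self, flow: Flow) -> NatTuple:
        for t, f in self.table.items():          # existing mapping: reuse it
            if f == flow:
                return t
        candidates: List[int] = []
        if self.lo <= flow.src_port <= self.hi:  # port preservation first
            candidates.append(flow.src_port)
        candidates.extend(range(self.lo, self.hi + 1))
        for port in candidates:
            t = self._tuple(flow, port)
            if t not in self.table:              # must be unique toward this destination
                self.table[t] = flow
                return t
        raise RuntimeError("masquerade port range exhausted")

    def expire(self, flow: Flow) -> None:
        """Drop the NAT entry, as the idle timeout on the translating box would."""
        for t in [t for t, f in self.table.items() if f == flow]:
            del self.table[t]


class StatefulFirewall:
    """Minimal model of the far-side firewall: a SYN on a tuple it still
    remembers is reported as a protocol violation rather than accepted."""

    def __init__(self) -> None:
        self.known: Set[NatTuple] = set()

    def syn(self, t: NatTuple) -> str:
        if t in self.known:
            return "drop: SYN on existing connection"
        self.known.add(t)
        return "accept"


def demo_port_preservation() -> Tuple[int, int, int]:
    """Two LAN clients both using source port 1029 toward the same service."""
    a = Flow("tcp", "192.168.1.10", 1029, "147.0.0.5", 443)  # constructed
    b = Flow("tcp", "192.168.1.11", 1029, "147.0.0.5", 443)  # constructed
    nat = Masquerader("10.8.0.2")
    port_a, port_b = nat.translate(a)[2], nat.translate(b)[2]
    narrowed = Masquerader("10.8.0.2", port_range=(61000, 65095))
    return port_a, port_b, narrowed.translate(a)[2]


def demo_tuple_reuse() -> Tuple[str, str]:
    """The NAT forgets client A's mapping before the remote firewall does;
    client B then gets the same preserved port and the far side sees a repeat."""
    a = Flow("tcp", "192.168.1.10", 1029, "147.0.0.5", 443)  # constructed
    b = Flow("tcp", "192.168.1.11", 1029, "147.0.0.5", 443)  # constructed
    nat, fw = Masquerader("10.8.0.2"), StatefulFirewall()
    first = fw.syn(nat.translate(a))
    nat.expire(a)                       # NAT side times out; remote state remains
    second = fw.syn(nat.translate(b))   # B keeps 1029: identical 5-tuple on the wire
    return first, second


if __name__ == "__main__":
    print(demo_port_preservation())     # (1029, 1024, 61000)
    print(demo_tuple_reuse())
```

The first demo shows what the capture in the post is consistent with: the NAT only rewrites a source port when it collides, so client ports like 1029 pass through unchanged, and a narrowed range forces a rewrite. The second demo shows that narrowing the range alone does not prevent a reused tuple; it is the mismatch between the NAT's idle timeout and the remote firewall's connection timeout that lets the same tuple be offered twice, so the detection point to check is the NAT's connection-tracking timeouts relative to the far side's.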