Hello, we have an Astaro installation with 4 network adapters. Only two are significant in our issue.
eth0 = 192.168.0.63/24 gw 192.168.0.8
eth1 = 10.0.241.1/24 gw none
Another internal firewall:
192.168.0.8 is a Checkpoint firewall we have internally
eth0 connects directly to a switch with the rest of our 192.168.0/24 address space. There is another firewall there, a Checkpoint NG install, that is also plugged in to the 192.168.0/24 address space. Additionally, the Checkpoint has several other attached interfaces (networks) all of which we want to be able to access from 10.0.241.0/24 hosts that are behind the Astaro firewall.
We have no problems accessing networks 'behind' the Checkpoint. The problem lies when 10.0.241.* addresses (behind the Astaro) try to contact 192.168.0.* addresses (those directly accessible via the Astaro eth0). I can't be sure what exactly is happening, but if I enable a Masq NAT so that 10.0.241.* hides behind eth0 of the Astaro, then I can access any 192.168.0.* host that is reachable via eth0. If I disable the NAT rule, it fails immediately. I would not normally mind using NAT. The problem is, we don't want any NAT in this case. These are all internally private connections. There are no 'public' interfaces on this Astaro at all. When a 10.0.241.* host behind the Astaro contacts any 192.168.0.* host, we want the source and destination left alone. No NAT!
Any advice greatly appreciated. We are quite desperate as this problem is affecting launch of a new site we're staging at the main office. This is our first Astaro firewall.
Astaro is 5.022