
Can't Route Through Firewall To Remote Nets on DHCP Interface

Here's a weird one perhaps someone can help me with:

ASG220 + 7.104

Interfaces setup thus:

eth4: ***.29.89.234/29 
0.0.0.0         ***.29.89.233   0.0.0.0         UG        0 0          0 eth4
10.18.47.0      0.0.0.0         255.255.255.0   U         0 0          0 eth7
10.18.188.0     10.18.47.254    255.255.255.0   UG        0 0          0 eth7
10.19.0.0       0.0.0.0         255.255.240.0   U         0 0          0 eth5
10.19.252.0     0.0.0.0         255.255.252.0   U         0 0          0 eth6
10.242.2.0      10.242.2.2      255.255.255.0   UG        0 0          0 tun0
10.242.2.2      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 ipsec0
***.29.89.232   0.0.0.0         255.255.255.248 U         0 0          0 eth4


I'm stumped as to why this won't work! I've even added an ANY/ANY/ANY packet filter rule. I've tried NAT'ing onto those networks.


  • When you try to ping the 10.18.188.0 network from the networks attached to eth5 and eth6 it doesn't work?

    Have you checked a tcpdump on eth7 to see if the traffic is leaving the interface?

    Does the 10.18.47.254 device have a route pointing back to the 220 for the 10.19.x.x networks?

    As a test, have you tried creating a SNAT so the traffic looks like it is coming from the Astaro's eth7 interface?