My employer uses an Astaro (currently V7.202, updating soon) to manage network traffic to several services. The following diagram describes the basic layout of the topology.
  WAN1              WAN2
   |                 |
   |                 |
+--+-----------------+--+
|     ASTARO 7.202      |
+--+-----+-----+-----+--+
   |     |     |     |
   |     |     |     |
  LAN   DMZ1  DMZ2  DMZ3
WAN1+2 are static lines; WAN2 is rather new and was added for additional static external IP addresses as well as a failover line.
The task is routing a service which addresses an external IP from WAN2 to a server in one of the DMZs.
So I set up a DNAT, added some masquerading and the usual packet filters (like I did for so many services on WAN1), activated it - and it didn't work. After some unsuccessful changes of the configuration and plenty of reading in this forum I started some IP traces to find out what is wrong and where the message (which is sent from an external device to the DMZ server) was lost.
I discovered that the SYN-Packet from the external device was routed to the server and received there properly. The server answered with an ACK-Packet, which was lost. After tracing between Astaro, WAN1 and WAN2 I've discovered the ACK-Packet was routed back over WAN1 and not over WAN2 - the external device doesn't like that even if it receives that packet. To cross-check that I then used an IP address on WAN1 - this time ofc it did "work" (SYN-Packet and ACK-Packet both over WAN1, device received it and was happy).
How can I configure Astaro to send the ACK-Packet back over the WAN2 interface, where it received the corresponding SYN-Packet earlier?
Thanks for any suggestions in advance!
Björn