Hello,
I'm currently evaluating Astaro Security Gateway (firmware 7.401) running in a Virtual Machine on an ESX host. So far I have been positively impressed by the product, but I'm hitting against a problem apparently so simple that I just cannot believe it's a bug.
Scenario:
I have two networks. Let's call them Public and Internal. They use different addressing, like 10.150.0.0/16 and 172.30.10.0/24.
I'm sitting in the public network and I want to reach 4 machines that are in the internal network. I don't want to use NAT/DNAT/Port Forwarding. Just plain and simple routing. I want to be able to make an SSH connection to them (but I have this same problem with any protocol).
So I create a network group called ESX and I add
172.30.10.10 (host1)
172.30.10.11 (host2)
172.30.10.12 (host3)
172.30.10.13 (host4)
Then I create a simple packet filter route:
Public (Network) -> SSH -> esx (allow)
I try to ssh to host 172.30.10.10 and it works fine.
I try to ssh to host 172.30.10.11 and it works fine.
I try to ssh to host 172.30.10.12 and it drops the packet (Default DROP).
I try to ssh to host 172.30.10.13 and it drops the packet (Default DROP).
I have tried creating specific rules like:
Public (Network) -> SSH -> host1 (OK)
Public (Network) -> SSH -> host2 (OK)
Public (Network) -> SSH -> host3 (Default DROP)
Public (Network) -> SSH -> host4 (Default DROP)
The only workaround is to create a rule that says:
Public (Network) -> SSH -> ANY (Internal)
Then it works for everything, including those hosts that it otherwise keeps dropping, but obviously it's not an option.
Any clues?
Thank you.