My son hosts gaming parties and I wanted to add a second, separate network for him to host his friend's computers on. My firewall, running ASL 6.314, has been running flawlessly for years and already had a third NIC installed, although it was never connected to anything. For this "guest" network, I created a second set of packet filter rules, identical to the set of packet filter rules I have for my main internal network, allowing the same services between the guest network and the external network. There are no rules allowing communication between the guest and internal networks. I also added a NAT masquerading rule from the guest network to the external network, identical the the NAT masquerading rule that I have from the internal network to the external network. And, I added the guest network to the allowed network on the various proxies that are enabled, including the HTTP proxy. As far as I can tell, the guest network is setup identically to the internal network.
Machines connected to the guest network get an IP address from the DHCP server just fine. They can ping addresses on the external network succesfully, so the DNS proxy is working fine and pings are making it through to the external network. And, the HTTP proxy is working -- machines on the guest network can access websites through HTTP. But, that is about all these guest machine can do. Other protocols don't make it from the guest network to the external network. For example, using HTTPS to access a website simply times out. My son's games can't connect to their servers.
I've played with the packet filter rules, even experimenting with adding a rule at the very top of the packet filter list that allows any service and port from the guest network through to the external network and any service and port from the external network through to the guest network. But, this didn't change anything.
Any ideas as to why the guest network can only access the external network through proxy servers but not directly?
This thread was automatically locked due to age.
