I've been banging my head against the wall on this for far too long, and am looking for some help.
I have two external (public) IP addresses, and two internal web servers. Our internal network contains addresses of the 192.168.***.*** variety.
Each of the external IPs is bound to an interface, called External and External2.
With packet filter rules and DNAT rules in place, traffic from the External interface is routed to one of our webservers without issue. Here is an example from the Live Log (which shows up in green):
Packet filter rule #21 TCP 205.200.189.2:55992 → 192.168.219.12:80
where PF rule #21 has:
source: any
Service: http
destination: MainWebserver
For our second webserver (on a separate public IP), the live log shows:
Connection using NAT TCP 24.79.100.130:33974 → 24.79.93.182 : 80
This shows as a Grey line, followed by:
Packet filter rule #19 TCP 24.79.100.130 : 33974 → 192.168.219.124 : 80
showing in green, and I am served pages as expected.
The problem:
SOME of our site visitors, specifically those in government agencies, receive "It says request timed out" errors trying to access the second webserver on the External2 interface. This is also the same one that results in the "Connection using NAT" entries in the Live Log. I can only assume there is a relationship between the additional log entry and the timeout issues some of our visitors have.
ANY guidance or education here would be most appreciated.
Grant