Hi again,
> I seem to remember a while back that someone posted a similar
> problem but I appear to have recreated it myself! The full details are:
>
> I'm running 1.22 Generic PC version.
>
> I have the following interfaces configured:
>
> vlan0 LAN
> vlan1 WAN
> vlan2 OPT1
> vlan3 OPT2
> vlan4 OPT3
>
> OPT1 is bridged with WAN. I have advanced outbound NAT set and am not
> NATing traffic from LAN -> OPT1 so that I can still access the servers
> by their real IP addresses.
>
> I can access OPT1 from LAN no problem at all but OPT1 cannot get
> anything from the WAN!
>
> As I have a managed switch, I've set up a spanned port and can see the
> SYN go out from the server on OPT1, I can see it leave the WAN
> interface. I then see the SYN-ACK return to the WAN interface but I
> don't see it return to OPT1.
>
> I can also see the connection entered into the state table.
>
> I normally have 'Enable filtering bridge' selected but even if I disable
> it, it still doesn't work.
>
> This was all working fine on 1.21 when I had separate NICs but I've now
> moved to one VLAN trunk and it no longer seems to work.
>
> I'm going to try a separate physical NIC for OPT1 to see if that makes a
> difference but I'd rather not have to - the whole point of the exercise
> was to reduce cabling and try to simplify things!
Apologies for following up my own post but I've now tried with a second
interface in my firewall. I can now confirm:
1) With a real interface as OPT1 the problem still exists.
2) With a real interface as WAN the problem is resolved.
It would appear that if any interface is bridged with a vlan interface
it is destined not to work.
If anyone has any ideas why then I'd love to know as I'd like to resolve
this. I have WAN patched into my managed switch so I can still use
the roving analysis port to perform packet captures if necessary, but I'd
like to end up with a single interface for the firewall.
Many thanks in advance,
Neil.
--
Neil A. Hillard E-Mail: m0n0 at dana dot org dot uk |