Our setup is a Back-to-Back Perimeter network with 2 m0n0wall boxes (M1 and M2):

Internet <- M1 -> DMZ Area <- M2 -> LAN

M1 WAN - Ext IPs
M1 LAN - 192.168.200.190
M2 WAN - 192.168.200.80
M2 LAN - 10.10.10.80

The gateway on the DMZ servers is M1's LAN IP. The gateway on the LAN servers is M2's LAN IP. There is a static route set up on M1 for the 10. network, pointing to M2's WAN IP. DMZ and LAN servers are Windows 2000 or 2003.

From a DMZ server, we can ping all LAN PCs and the ping response comes back with the appropriate 10. IP address, except for one. This server's ping response comes back with M2's WAN IP, not its 10. IP.

I have set allow-all rules for testing on both the LAN and WAN interfaces of M2, and enabled logging for these. When pinging a 'working' address, a ping shows up in the log from the DMZ server IP (192.168.200.14) to the appropriate LAN IP (10.0.0.x); HOWEVER, when pinging this one particular server, there is no log entry. It is as though M2 is responding on behalf of the server, not passing the request through.

There is only one NAT for this IP (10.0.0.37), and that is for port 389 (LDAP). I have even changed this to another IP to test, with no change. I have also rebooted M2 and the 10.0.0.37 server in question, checked any NATs, rules and otherwise on the m0n0walls that may be causing this, and cleared caches, all with the same result. I have searched the list for route and ping problems, to no avail.

Does anyone have any suggestions for me to try, as I am at wits' end?

As a side note, our ultimate goal with this is to make a one-way trust from our DMZ AD domain to our LAN AD domain for authentication purposes, so if there is a better way to do this I'll be more than happy to try it out.

Thanks
Tim
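The symptom above (an echo reply arriving from the firewall's address instead of the host that was pinged) can be checked from the Windows ping output itself: the reply's source address tells you who answered, and the reply's TTL hints at what answered, because a FreeBSD-based box such as m0n0wall starts at TTL 64 while Windows 2000/2003 starts at 128. The script below is an added example, not part of the original post or of m0n0wall; it assumes the standard Windows `ping` reply format, assumes both stacks are left at their default initial TTLs, and runs over constructed sample output rather than anything captured on the poster's network.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Windows "ping" reply line, e.g.
#   Reply from 10.0.0.20: bytes=32 time<1ms TTL=127
REPLY_RE = re.compile(
    r"Reply from (\d+\.\d+\.\d+\.\d+): bytes=\d+ time[<=]\d+ms TTL=(\d+)"
)

# Common default initial TTLs (assumption: nobody has tuned them).
INITIAL_TTLS = [
    (64, "FreeBSD/Linux (m0n0wall is FreeBSD-based)"),
    (128, "Windows"),
    (255, "Cisco/other network device"),
]


@dataclass
class PingVerdict:
    target: str                 # address we asked ping to reach
    replier: Optional[str]      # address the reply actually came from
    ttl: Optional[int]          # TTL observed in the reply
    source_matches: bool        # replier == target
    likely_os: Optional[str]    # guessed stack of the replier, from TTL
    hops: Optional[int]         # initial TTL minus observed TTL


def guess_origin(ttl: int) -> Tuple[str, Optional[int]]:
    """Map an observed TTL to the smallest common initial TTL >= ttl.
    Returns (os_label, hops) where hops = initial - observed."""
    for initial, label in INITIAL_TTLS:
        if ttl <= initial:
            return label, initial - ttl
    return "unknown", None


def analyse_ping(target: str, output: str) -> PingVerdict:
    """Parse the first reply line of Windows ping output for `target`
    and report who answered and how far away it appears to be."""
    m = REPLY_RE.search(output)
    if m is None:                       # "Request timed out." etc.
        return PingVerdict(target, None, None, False, None, None)
    replier, ttl = m.group(1), int(m.group(2))
    os_label, hops = guess_origin(ttl)
    return PingVerdict(target, replier, ttl, replier == target, os_label, hops)


# Constructed sample output (not captured from the poster's network).
# A LAN host one hop behind M2, answering itself:
GOOD = """Pinging 10.0.0.20 with 32 bytes of data:

Reply from 10.0.0.20: bytes=32 time<1ms TTL=127
Reply from 10.0.0.20: bytes=32 time<1ms TTL=127
"""

# The problem case: M2's WAN address answers on the DMZ segment directly.
BAD = """Pinging 10.0.0.37 with 32 bytes of data:

Reply from 192.168.200.80: bytes=32 time<1ms TTL=64
Reply from 192.168.200.80: bytes=32 time<1ms TTL=64
"""

if __name__ == "__main__":
    for tgt, out in (("10.0.0.20", GOOD), ("10.0.0.37", BAD)):
        v = analyse_ping(tgt, out)
        flag = "" if v.source_matches else "  <-- reply NOT from target"
        print(f"{tgt}: reply from {v.replier} TTL={v.ttl} "
              f"({v.likely_os}, ~{v.hops} hop(s) away){flag}")
```

A reply whose source differs from the target and whose TTL fits a BSD default with zero hops is consistent with the firewall itself generating the echo reply rather than forwarding the request, which matches the missing log entry described in the post. Treat the TTL guess as a hint only: initial TTLs are tunable on both Windows and FreeBSD, and a translated reply could also carry the original host's TTL.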