On 9/13/07, Brieseneck, Arne, VF-Group <Arne dot Brieseneck at vodafone dot com> wrote:
> Hi all,
> I have two monowalls running connected via the WAN interface to a wan
> network 10.5.40.0/24 one called
> DMZFW (10.5.40.20/24 gw 10.5.40.1 and 192.168.50.128/26) and
> FEWIMAXFW (10.5.40.120/24 gw 18.104.22.168 and 192.168.61.0/24)
> The DMZFW has a static route to the 192.168.61.0/24 network via
> NATing is disabled (pure routing / firewalling)
> In all three LANs are SSH servers.
> I can successfully open ssh connections from WAN towards both LAN SSH
> I can successfully open ssh connection from every LAN SSH server to the
> WAN SSH server
> I can successfully hop from one LAN-SSH-server via the WAN-SSH-server to
> the other one
> I can not SSH from one LAN to the other. ==>WHY?
> When I put logging on I see incoming traffic passing the other firewall
> I even can not ping from one LAN to the other (if I enable it in the FWs
> I see only permitted traffic but no response)
> Could it be that there is a routing issue in monowall?
Only if you created one (i.e. improper use or lacking of static routes).
Since it's going out, my first guess is the lack of a return route on
the destination firewall. It's almost certainly an incorrect or
missing static route somewhere.