Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 15 December 2024, 07:32:38 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Two networks together - not working using blue zone and green zone
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Two networks together - not working using blue zone and green zone  (Read 10939 times)
mikesilvers
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 30 September 2011, 06:39:58 am »

This should be a basic issue, but it has been giving me trouble for the last week.  I have two subnets and two Endian's.  I would like to connect the two subnets, but allow each subnet to have their default gateway as they have different internet providers.  The network information is as follows:

Network A: 10.25.1.0/24
Default GW: 10.25.1.2
Endian A: two network cards - red zone for the internet, green zone for the LAN
Red Zone IP: <external IP>
Green Zone IP: 10.25.1.2
Endian A routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         *               255.255.255.128 U         0 0          0 eth0
<IP removed>    *               255.255.255.128 U         0 0          0 eth0
10.25.2.0       10.25.1.219     255.255.255.0   UG        0 0          0 br0
10.25.1.0       *               255.255.255.0   U         0 0          0 br0
default         <removed>       0.0.0.0         UG        0 0          0 eth0

There are only two Port Forwarding/NAT rules for this Endian.  Both rules are bound to the main uplink to allow traffic in to a specific machine on the 10.25.1.0 subnet.  There are no other firewall rules on this machine.  No other firewalls are in use (outgoing, inter-zone, etc)

Network B: 10.25.2.0/24
Default GW: 10.25.2.2
Endian B: three network cards - one red zone, one green LAN, one blue zone
Red Zone IP: <external IP>
Green Zone IP: 10.25.2.2
Blue Zone IP: 10.25.1.219
Endian B routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         *               255.255.255.224 U         0 0          0 eth1
<IP removed>    *               255.255.255.224 U         0 0          0 eth1
10.25.2.0       *               255.255.255.0   U         0 0          0 br0
10.25.1.0       *               255.255.255.0   U         0 0          0 br2
default         <removed>       0.0.0.0         UG        0 0          0 eth1

This machine has two rules in the Port Forwarding/NAT firewall section binding to the uplink.  The rules allow external communications with a server on the 10.25.2.0 subnet.  There are no rules in the outgoing or VPN firewalls.  There are rules in the inter-zone firewall and the system firewall.

The inter-zone firewall rules:
10.25.2.0/24-->10.25.1.0/24 any service allow
10.25.1.0/24-->10.25.2.0/24 any service allow
10.25.1.0/24-->10.25.1.0/24 any service allow
10.25.2.0/24-->10.25.2.0/24 any service allow

The system firewall rules:
10.25.1.0/24   <ANY>    TCP/10443
10.25.1.0/24   <ANY>    TCP/22
10.25.1.0/24   <ANY>    TCP+UDP/161:162

Any ideas on what may be going on here?  I can't communicate (ping, http, any protocol) between 10.25.1.0 and 10.25.2.0.....
Logged
timupci
Full Member
***
Offline Offline

Posts: 34


« Reply #1 on: Saturday 05 November 2011, 10:36:58 am »

Question. Why are you running 2 Endian Firewalls?


Setup should look like this


GREEN ------------------\                  / ----- RED 1
ORANGE------------------ --- EFW ---
BLUE---------------------/                  \ ----- RED 2

Then use Policy Routing for each Zone.

Green to RED1
Blue to RED2
Orange to BOTH?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com