EFW Support

Support => General Support => Topic started by: mikesilvers on Friday 30 September 2011, 06:39:58 am



Title: Two networks together - not working using blue zone and green zone
Post by: mikesilvers on Friday 30 September 2011, 06:39:58 am
This should be a basic issue, but it has been giving me trouble for the last week.  I have two subnets and two Endians.  I would like to connect the two subnets, but allow each subnet to have its own default gateway as they have different internet providers.  The network information is as follows:

Network A: 10.25.1.0/24
Default GW: 10.25.1.2
Endian A: two network cards - red zone for the internet, green zone for the LAN
Red Zone IP: <external IP>
Green Zone IP: 10.25.1.2
Endian A routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         *               255.255.255.128 U         0 0          0 eth0
<IP removed>    *               255.255.255.128 U         0 0          0 eth0
10.25.2.0       10.25.1.219     255.255.255.0   UG        0 0          0 br0
10.25.1.0       *               255.255.255.0   U         0 0          0 br0
default         <removed>       0.0.0.0         UG        0 0          0 eth0

There are only two Port Forwarding/NAT rules for this Endian.  Both rules are bound to the main uplink to allow traffic in to a specific machine on the 10.25.1.0 subnet.  There are no other firewall rules on this machine.  No other firewalls are in use (outgoing, inter-zone, etc.).

Network B: 10.25.2.0/24
Default GW: 10.25.2.2
Endian B: three network cards - one red zone, one green LAN, one blue zone
Red Zone IP: <external IP>
Green Zone IP: 10.25.2.2
Blue Zone IP: 10.25.1.219
Endian B routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         *               255.255.255.224 U         0 0          0 eth1
<IP removed>    *               255.255.255.224 U         0 0          0 eth1
10.25.2.0       *               255.255.255.0   U         0 0          0 br0
10.25.1.0       *               255.255.255.0   U         0 0          0 br2
default         <removed>       0.0.0.0         UG        0 0          0 eth1

This machine has two rules in the Port Forwarding/NAT firewall section binding to the uplink.  The rules allow external communications with a server on the 10.25.2.0 subnet.  There are no rules in the outgoing or VPN firewalls.  There are rules in the inter-zone firewall and the system firewall.

The inter-zone firewall rules:
10.25.2.0/24-->10.25.1.0/24 any service allow
10.25.1.0/24-->10.25.2.0/24 any service allow
10.25.1.0/24-->10.25.1.0/24 any service allow
10.25.2.0/24-->10.25.2.0/24 any service allow

The system firewall rules:
10.25.1.0/24   <ANY>    TCP/10443
10.25.1.0/24   <ANY>    TCP/22
10.25.1.0/24   <ANY>    TCP+UDP/161:162

Any ideas on what may be going on here?  I can't communicate (ping, http, any protocol) between 10.25.1.0 and 10.25.2.0...
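A route trace over the two routing tables posted above, added here as an illustration and not code from the poster or from Endian. It replays the kernel's longest-prefix match on each Endian for a packet between the two subnets; the uplink next hops are placeholders because the real addresses were removed from the post, and the host addresses 10.25.1.50 / 10.25.2.50 are made up for the walk-through.

```python
import ipaddress

# Routes transcribed from the two "Kernel IP routing table" dumps in the post.
# Next hop None means directly connected. The uplink next hops are placeholders
# because the poster removed the real addresses.
ROUTES = {
    "EndianA": [                                  # GREEN br0 = 10.25.1.2
        ("10.25.2.0/24", "10.25.1.219", "br0"),   # static route to Endian B's BLUE IP
        ("10.25.1.0/24", None, "br0"),
        ("0.0.0.0/0", "UPLINK-A", "eth0"),        # placeholder default gateway
    ],
    "EndianB": [                                  # GREEN br0 = 10.25.2.2, BLUE br2 = 10.25.1.219
        ("10.25.2.0/24", None, "br0"),
        ("10.25.1.0/24", None, "br2"),
        ("0.0.0.0/0", "UPLINK-B", "eth1"),        # placeholder default gateway
    ],
}
# Which Endian owns each gateway address (zone IPs from the post).
OWNER = {"10.25.1.2": "EndianA", "10.25.1.219": "EndianB", "10.25.2.2": "EndianB"}
# Default gateway the hosts on each subnet use (from the post).
HOST_GW = {"10.25.1.0/24": "10.25.1.2", "10.25.2.0/24": "10.25.2.2"}

def lookup(router, dst):
    """Longest-prefix match over one router's table; returns (next_hop, iface)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in ROUTES[router]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best[1], best[2]

def trace(src, dst):
    """List the (router, egress iface) hops from src's default gateway to dst."""
    src_ip = ipaddress.ip_address(src)
    subnet = next(n for n in HOST_GW if src_ip in ipaddress.ip_network(n))
    router = OWNER[HOST_GW[subnet]]
    hops = []
    while router:
        gw, dev = lookup(router, dst)
        hops.append((router, dev))
        router = OWNER.get(gw)  # None: delivered on a connected net, or sent to the uplink
    return hops

def path_symmetric(a, b):
    """True when the reply traverses the same routers in reverse order."""
    return [r for r, _ in trace(a, b)] == [r for r, _ in trace(b, a)][::-1]
```

The trace shows 10.25.1.x to 10.25.2.x passing through Endian A (back out br0) and then Endian B, while the reply goes from Endian B straight out br2 and never touches Endian A, so Endian A's connection tracking only ever sees one direction of the flow. Whether that matters depends on the firewall policy in place, but it is the first thing to check when a stateful firewall sits on only one leg of a path.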


Title: Re: Two networks together - not working using blue zone and green zone
Post by: timupci on Saturday 05 November 2011, 10:36:58 am
Question. Why are you running 2 Endian Firewalls?


Setup should look like this


GREEN ------------------\                  / ----- RED 1
ORANGE------------------ --- EFW ---
BLUE---------------------/                  \ ----- RED 2

Then use Policy Routing for each Zone.

Green to RED1
Blue to RED2
Orange to BOTH?