Title: BLUE/GREEN Weirdness
Post by: sowley on Wednesday 06 March 2013, 06:36:33 am

I cannot figure this out. I have used the intra-zone control panel to poke a hole through from Blue (network 192.168.70.0/23, Blue is *70.1) to Green (network 10.0.0.0/16, Green is 10.0.0.47) for a specific server (10.0.1.159), so that our wireless network can reach a DNS server in Green. We have a static route set up in the 10.* network's router so that its members know to use the Green interface on Endian for Blue network access. To make things easy I started out allowing <ANY> through to this server.

I can tracert and ping from a PC in the Green network and reach a PC in Blue, as you would expect. If I set up an SNAT that makes traffic from Blue look like the Green interface, then I can tracert or ping from the Blue PC to a Green one, but only if I do that, and even then DNS is always blocked:

FORWARD:DROP UDP (br2) 192.168.71.253:62856 -> 10.0.1.159:53 (eth2)

Some other sort of traffic gets through periodically, but I do not know what this is, and it would appear that the Zone rule is being applied in this case:

ZONEFW:ACCEPT:6:l3 UDP (br2) 192.168.71.253:137 -> 10.0.1.159:137 (br0)

I also see this once in a while:

INPUTFW:DROP UDP (br0) 10.0.1.159:67 -> 255.255.255.255:68

So, what am I doing wrong? If I can just get Blue to talk to a few servers in Green I am all set.

Many Thanks!

Title: Re: BLUE/GREEN Weirdness
Post by: sowley on Wednesday 06 March 2013, 08:54:08 am

Fixed it! Thanks!

S.
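As an added example that is not part of the thread, here is a small parser for the Endian firewall log lines quoted above, plus a check that flags forwarded Blue-to-DNS-server flows that were dropped despite the intended intra-zone exception. The Blue network and the DNS server address come from the post; the sample log lines are constructed from the ones quoted there, and the field names are my own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in the post's format:
# chain:verdict[:extra] proto (in_if) src:port -> dst:port [(out_if)]
SAMPLE_LOG = """\
FORWARD:DROP UDP (br2) 192.168.71.253:62856 -> 10.0.1.159:53 (eth2)
ZONEFW:ACCEPT:6:l3 UDP (br2) 192.168.71.253:137 -> 10.0.1.159:137 (br0)
INPUTFW:DROP UDP (br0) 10.0.1.159:67 -> 255.255.255.255:68
"""

LINE_RE = re.compile(
    r"^(?P<chain>[A-Z]+):(?P<verdict>ACCEPT|DROP|REJECT)(?::\S+)?\s+(?P<proto>[A-Z]+)\s+"
    r"\((?P<in_if>[^)]+)\)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)(?:\s+\((?P<out_if>[^)]+)\))?\s*$"
)

@dataclass
class FwEvent:
    chain: str
    verdict: str
    proto: str
    in_if: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    out_if: Optional[str]  # absent on INPUT-chain hits (no egress interface logged)

def parse_line(line: str) -> Optional[FwEvent]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FwEvent(m["chain"], m["verdict"], m["proto"], m["in_if"],
                   ipaddress.ip_address(m["src"]), int(m["sport"]),
                   ipaddress.ip_address(m["dst"]), int(m["dport"]), m["out_if"])

# Blue network and the DNS server the intra-zone exception is meant to reach (from the post).
BLUE_NET = ipaddress.ip_network("192.168.70.0/23")
DNS_SERVER = ipaddress.ip_address("10.0.1.159")

def blocked_blue_to_dns(log_text: str) -> list:
    # Forwarded Blue -> DNS server flows that were dropped despite the exception.
    hits = []
    for ev in map(parse_line, log_text.splitlines()):
        if (ev and ev.chain == "FORWARD" and ev.verdict == "DROP"
                and ev.src in BLUE_NET and ev.dst == DNS_SERVER and ev.dport == 53):
            hits.append(ev)
    return hits
```

Running this over the firewall log after each rule change shows immediately whether the FORWARD drop for port 53 has gone away, rather than relying on a tracert that succeeds only once SNAT is in place.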