I did a simple upgrade on a well working 2.5.2 community version.
Everything looks fine - except for some very strange behaviour in inter-zone traffic (Blue to Green):
Even if I create a general rule (allow everything from BLUE/GREEN to BLUE/GREEN or from interface 1/2 to interface 1/2) in the first place, all ports are blocked, except port 80 at the firewall IP itself (checked with netscan in the Blue zone). ICMP (ping) is working from Blue to Green, but DNS or NTP or anything else is not forwarded.
The Red zone is no problem; Internet traffic is not affected, regardless of whether I try from Green or Blue, but traffic between Blue and Green is nearly dead.
Maybe it is something outside the firewall configuration itself, because it seems that the packets do not even reach the iptables process. Nothing is noted in the log, regardless of whether I switch on logging for good packets in the Inter-Zone section as a whole or enable it in the general rule mentioned.
I am frustrated - will switch back to 2.5.2, which is much more reliable.
Any hint?
Guido