SUMMARY: /etc/notrouter and multi-homed hosts

From: Adam Levin <levins_at_westnet.com>
Date: Thu Apr 15 2004 - 12:47:18 EDT
Kind listmembers, I'd like to once again thank the following:
Charles Rawls <crawls@tgix.com>
Terry Gardner <boosdad1959@yahoo.com>
Richard Rodriguez <richard_rodriguezs@yahoo.com>
Crist Clark <crist.clark@globalstar.com>
Darren Dunham <ddunham@taos.com>

I would also like to apologize for wasting their time.

I'm at our data center today, and the network guy is here.  We pored over
tcpdump output on the various interfaces and machines involved, and
everything looks correct.

The packets coming in to the FTP server look fine, and the server is
responding on the other interface, but the datagram IP is correct.

The problem is that our two subnets are not connected via router --
they're connected via a *firewall*.  It's the firewall that's preventing
the crosstalk, which is exactly what it's supposed to do.  Since it's a
stateful firewall (Cisco PIX), it sees the response go out on a different
subnet from the request.  It doesn't know that it's a valid response to a
request, and therefore blocks the datagrams.

Everything is working exactly as it should, and so You Can't Get There
From Here.

Thank you very much for the help and replies.  If nothing else, I've
learned even more about diagnosing network issues.

-Adam
Received on Thu Apr 15 12:47:12 2004
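
An added example, not part of the original post: one way to spot the condition described above from captures taken on each interface of a multi-homed host, by flagging connections whose requests arrive on one interface while the replies leave on another. The merged, interface-prefixed line format, the interface names and the addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: per-interface tcpdump output merged into one listing,
# each line prefixed with the capture interface (prefix, names and addresses
# are made up for this example).
SAMPLE = """\
hme0 IP 10.2.0.50.40001 > 10.1.0.5.21: Flags [S]
qfe0 IP 10.1.0.5.21 > 10.2.0.50.40001: Flags [S.]
hme0 IP 10.1.0.77.40002 > 10.1.0.5.21: Flags [S]
hme0 IP 10.1.0.5.21 > 10.1.0.77.40002: Flags [S.]
"""

# interface, source address.port, destination address.port
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+):")


def asymmetric_flows(text, server_ips):
    """Return connections whose requests and replies used different interfaces.

    Each result is ((client, cport, server, sport), in_ifaces, out_ifaces).
    A stateful firewall between the two subnets only sees one direction of
    such a connection, so it cannot match the reply to a known request.
    """
    seen = defaultdict(lambda: {"in": set(), "out": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a packet line
        iface, src, sport, dst, dport = m.groups()
        if dst in server_ips:      # request towards the server
            seen[(src, int(sport), dst, int(dport))]["in"].add(iface)
        elif src in server_ips:    # reply from the server
            seen[(dst, int(dport), src, int(sport))]["out"].add(iface)
    return [
        (flow, sorted(d["in"]), sorted(d["out"]))
        for flow, d in sorted(seen.items())
        if d["in"] and d["out"] and d["in"] != d["out"]
    ]


if __name__ == "__main__":
    for flow, came_in, went_out in asymmetric_flows(SAMPLE, {"10.1.0.5"}):
        print(flow, "in via", came_in, "out via", went_out)
```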