FC3 traffic can't get thru firewall

A client attached an FC3 box to an existing private network of about 80 Windows and RH7.2 boxes and it can't seem to pass any traffic through an existing firewall. It can interact with boxes on the private network just fine. The intent is to upgrade all their RH7.2 boxes to FC3 over the next 30 days.

BTW - The client requested I scramble IP addresses and domain names.

An Internet router (123.12.23.1) connects to eth0 on an iptables firewall. eth1 of that firewall services a private network. The system-wide rule is that any box on the private network can web browse. I therefore decided to attempt to telnet to the Internet router on port 80, thus testing the path from the private side through the firewall to an Internet destination, namely the router.

A tcpdump listening on eth0 of the firewall for port 80 traffic to the internet router shows the following:
tcpdump: listening on eth0
09:31:41.389575 0:4:75:86:e5:b7 0:c0:7b:94:e:94 ip 70: bigboy.ftw.aia.32805 > router.aiaenv.com.http: S [tcp sum ok] 135994474:135994474(0) win 5840 <mss 1460,sackOK,timestamp 61546127 0> (DF) [tos 0x10] (ttl 63, id 741, len 56)
09:31:44.388010 0:4:75:86:e5:b7 0:c0:7b:94:e:94 ip 70: bigboy.ftw.aia.32805 > router.aiaenv.com.http: S [tcp sum ok] 135994474:135994474(0) win 5840 <mss 1460,sackOK,timestamp 61549127 0> (DF) [tos 0x10] (ttl 63, id 743, len 56)
09:32:57.174934 0:4:75:86:e5:b7 0:c0:7b:94:e:94 ip 74: mail1.aiaenv.com.49411 > router.aiaenv.com.http: S [tcp sum ok] 1483166439:1483166439(0) win 5840 <mss 1460,sackOK,timestamp 128170684 0,nop,wscale 0> (DF) [tos 0x10] (ttl 63, id 59483, len 60)
09:32:57.181716 0:c0:7b:94:e:94 0:4:75:86:e5:b7 ip 60: router.aiaenv.com.http > mail1.aiaenv.com.49411: R [tcp sum ok] 0:0(0) ack 1483166440 win 0 (ttl 64, id 11864, len 40)


The first 2 entries are from "telnet 123.12.23.1 80" on bigboy, an FC3 box. The telnet hangs, never establishing a connection (I Ctrl-C'd after 2 packets), but the dump clearly shows that the traffic hit the public side of the firewall. If I wait long enough, I get lots of similar output, but never a reply packet, and eventually get "Connection timed out".

The next 2 entries are from "telnet 123.12.23.1 80" on mail1, an old RH7.2 box. The telnet connects and reports "connection refused", as there is no web server running on the router.

I've checked the firewall's logs for dropped packets and none are reported.

I even moved the IP address of bigboy around to several other private addresses, and cleared the ARP caches involved, to see if it was firewall-rule related, and no matter what IP I put bigboy on it's always the same thing. Traffic hits the public side of the firewall and disappears.

I've got IPv6 and window scaling turned off on the FC3 box.

Any ideas?

--
Bill Gradwohl
bill@xxxxxxx
http://www.ycc.com
spamSTOMPER Protected email

