mrk at renre-europe.com
Wed Jan 16 13:43:42 GMT 2002
It turned out that fixing the ACLs on the ISP router fixed everything.
On Wed, 2002-01-16 at 11:54, Mark Kilmartin wrote:
> I didn't actually try that.
> I have actually been on to the ISP and have been told that there is an
> ACL blocking that sort of thing on the router, but they are adding an
> ACL to allow packets from the IPs in question.
> So hopefully everything will soon be solved.
> I believe I may have figured out how to do it using routing tables.
> But I won't test this until I find out if the change on the router fixes
> it as this is the neater of the possible solutions.
> Thanks for all the help of everybody.
> On Wed, 2002-01-16 at 11:45, Nick Murtagh wrote:
> > On Wednesday 16 January 2002 11:29, Mark Kilmartin wrote:
> > > I know that the firewall is not dropping them.
> > >
> > > But I can't be sure of the ISPs routers.
> > >
> > > It makes sense (sort of) to me that a route that see traffic coming from
> > > a.b.c.x but it knows that it should only see traffic from d.e.f.x then
> > > it would drop it?
> > Yeah, I imagine the ISP's routers would drop that stuff.
> > Another thought occurs to me: When you tried the source NAT, did you
> > try setting the source address to the address of the incoming router rather
> > than the address of the firewall's interface? Presumably the returning
> > packets would then get routed to the right interface...
> > --
> > Irish Linux Users' Group: ilug at linux.ie
> > http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> > List maintainer: listmaster at linux.ie
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie
More information about the ILUG