
y network/dmz problem - FreeBSD


  1. #1

    y network/dmz problem

    Here in our office we have a firewall running Firewall-1 (it is
    administered remotely from another office in another country). It is set
    up with a dmz so I can host a web server (which is running IIS), but it
    works. I am now adding another web server, running Apache/FreeBSD. Problem
    is the FBSD box does not ping anything. The IIS box can ping the FBSD box
    and get a response from it. I have used the same network settings on the
    FBSD box that are on the IIS box, changing only the IP address. I don't
    understand why the FBSD box only responds with network not found when
    trying to ping anything. Now the IIS box is not a member of any network,
    it is its own workgroup called DMZ. Is the problem that the FBSD box
    needs to be a member of the workgroup DMZ? And if so, how do I get it
    there?

    Regards,
    Chip
    Chip Guest

  2. #2

    Re: y network/dmz problem

    The first thing I would check is that it's the BSD box that you are
    actually pinging. I'd try unplugging it and trying the ping again from
    the IIS box. Barring that, I would double and triple check the network
    mask on the BSD box. Also, make sure you don't have some y firewall
    rules on the BSD server that prevent outbound pings.
    Next, look at the output of 'netstat -rn'
    You should see entries for the default gateway as well as your local
    network. If all looks good there, check your arp table with arp -a. If
    you don't see anything there, it's probably a layer 1 or 2 problem
    (cabling/vlan).
    There are many many possibilities for what could be wrong, but it's hard
    for us to say. Let us know what you find on those tests.

    Jerry
    http://www.syslog.org
     


    Jerry Guest

  3. #3

    Re: y network/dmz problem

    "Jerry Bell" <com> wrote on 04/04/2005 05:11:22 PM:
     

    Results of netstat -rn:
    destination gateway flags refs use netif
    default 157.237.165.1 ugs 0 122 fxp0
    127.0.0.1 127.0.0.1 uh 0 6 lo0
    157.237.165/29 link#1 uc 0 0 fxp0
    157.237.165.1 00:02:b3:a4:c2 uhlm 1 0 fxp0
     

    Results of arp -a:
    ?(157.237.165.1) at 00:02:b3:bd:c2 on fxp0 [ethernet]
    ?(157.237.165.2) at 00:0d:61:70:df on fxp0 [ethernet]
    ?(157.237.165.4) at 00:eo:18:c2:12 on fxp0 [ethernet]
     

    There are 3 boxes on the dmz -
    157.237.165.2 is the IIS box. It gets no ping reply from the BSD box and
    the firewall. It does get a reply from the win2003 box. It has full
    internet access. It is a current, working, 'live' web server for
    authorized users only.
    157.237.165.4 is a WIN2003 box and it gets ping responses from the IIS box
    and the BSD box, no response from the firewall, and no internet access.
    157.237.165.5 is the BSD box, gets a ping response from the IIS box only,
    no response from the win2003 box, or firewall, and no internet access.
    (157.237.165.1 is the firewall dmz nic itself, the gateway for all 3
    boxes)

    I'm guessing that there is a rule on the firewall that has closed the
    internet connection for these two additional boxes. The IIS was the first
    to be set up a year or so ago. There must also be a rule on the firewall
    that drops all incoming ping requests.
    Questions from the above:
    Why does the BSD box get a reply from the IIS box, yet the IIS box gets no
    reply from the BSD box?
    Why does the IIS box get a reply from the Win2003 box, yet not from the BSD
    box?

    All 3 boxes have the same network setup, except for this: There is no
    'domain' for the 3 boxes. The IIS box is on its own workgroup DMZ, the
    win2003 box is its own domain 'test.local'. The BSD box has 'domain
    simrad.com' as the first line of resolv.conf. What are the implications of
    this?

    I will be sending a message to the firewall administrator in Norway (I am
    in the US) with the info above, maybe he can find something on the
    firewall to change to make everything work.
    I hope.
    Regards,
    Chip


    Chip Guest
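
Added example, not part of either poster's messages: the checks listed in reply #2 (default route, local network, gateway ARP entry) applied in Python to the `netstat -rn` and `arp -a` output posted in reply #3. The function names and the finding strings are choices made for this example.

```python
import ipaddress
import re

# Output as posted in reply #3 (the MAC addresses are shortened in the post).
NETSTAT = """\
default 157.237.165.1 ugs 0 122 fxp0
127.0.0.1 127.0.0.1 uh 0 6 lo0
157.237.165/29 link#1 uc 0 0 fxp0
157.237.165.1 00:02:b3:a4:c2 uhlm 1 0 fxp0
"""
ARP = """\
?(157.237.165.1) at 00:02:b3:bd:c2 on fxp0 [ethernet]
?(157.237.165.2) at 00:0d:61:70:df on fxp0 [ethernet]
?(157.237.165.4) at 00:eo:18:c2:12 on fxp0 [ethernet]
"""

def expand_net(dest):
    """FreeBSD prints 157.237.165.0/29 as '157.237.165/29'; pad the octets."""
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + bits)

def parse_routes(text):
    """Return (default gateway, directly connected networks)."""
    default_gw, connected = None, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        if fields[0] == "default":
            default_gw = ipaddress.ip_address(fields[1])
        elif "/" in fields[0] and fields[1].startswith("link#"):
            connected.append(expand_net(fields[0]))
    return default_gw, connected

def triage(netstat, arp, host_ip):
    gw, nets = parse_routes(netstat)
    host = ipaddress.ip_address(host_ip)
    # Entries still shown as "(incomplete)" never resolved, so skip them.
    resolved = set(re.findall(r"\((\d+\.\d+\.\d+\.\d+)\) at (?!\(incomplete\))", arp))
    findings = []
    if gw is None:
        findings.append("no default route")
    elif not any(gw in n for n in nets):
        findings.append("gateway outside connected networks: check netmask")
    if not any(host in n for n in nets):
        findings.append("host address outside connected networks")
    if gw is not None and str(gw) not in resolved:
        findings.append("gateway not in ARP table: suspect cabling/VLAN")
    return findings
```

For the posted output `triage(NETSTAT, ARP, "157.237.165.5")` returns an empty list: the route table and the gateway's ARP entry are consistent, which leaves filtering rules among the checks listed in reply #2.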
