Tugger the SLUGger! SLUG Mailing List Archives

[SLUG] Firewall dropping packets


Hi,

I'm having weird happenings on my firewall.

I have two ethernet connections, with this setup:

10.10.10.x LAN
     |
10.10.10.4 (eth0)
   Firewall
10.0.5.6 (eth1)
     |
10.0.5.10
   WAN
10.0.5.9
     |
10.0.5.5
   Firewall 2
10.0.1.x
     |
10.0.1.x LAN

The problem I'm having is forwarding data between the 10.0.5.6 eth1 and
the 10.10.10.x eth0. Packets are working fine for the rest of the
system.

On the firewall machine, I can successfully ping anything, anywhere.

The 10.10.10.x LAN cannot ping the system past 10.0.5.6 (which is
the firewall) - every second packet is being dropped, no matter what the
size.

The 10.0.1.x LAN can ping to 10.0.5.6 also, but cannot ping past it.

The routing tables on the firewall say that the 10.0.5.x subnet is on
eth1, as is the 10.0.1.x subnet. I can ping these from the firewall so
that is working fine.

The routing tables on the firewall say that the 10.10.10.x subnet is on
eth0. I can ping these from the firewall also so that is working fine.

The ipchains rules (in, out, forward) accept the 10.x.x.x subnet on both
eth0 and eth1. These shouldn't be affecting it as half of the packets
get out. At least, the in and out are working fine - the forward one
isn't anything spectacular (accept 10.x.x.x on device eth0 or eth1).

For those interested, I need to have ipchains there as I have other
interfaces on this machine (three PPP dialups) that need firewalling.

Is there anything I've overlooked? This one is getting me beat.

Josh.