[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Strange Problem with trunk
Hello, I have a strange problem with setting up a two ports of a dualport card as trunk and using security server for http content checking. We have CP FW1 running on a RH6.2 Linuxbox with some Dual-Port Intel® PRO/100+ Dual Port Server adapter. For better performance two ports of one adapter are configured as a FEC-trunk using the ians-module from Intel. The name of this virtual interface is trunk1 (real interface eth1 and eth2) and this is the internal interface. Everything works fine until we decided to use http content checking (because of CR). Now all http-connections from inside to outside are dropped and the logviewer shows that the returnpacket is dropped because of the last rule (drop ANY to ANY). But it cannot be a returnpacket because no packet reaches the destination. If I create such rule (WEBSERVER -> HTTP-CLIENT SERVICE: tcp-high-ports) with logging, then I see that this rule is matched before the content checking rule (ANY -> ANY SERVICE: http->with resource). HTTP-Connections from other interfaces (no FEC-trunks) works fine. Because the logviewer shows the interfacename eth1 or eth2 when the return packet is dropped, I thought it is a problem of the trunk and after configuring this interface normal (no trunk only one port named eth1) everything works fine. So, has anyone experienced this problem and how can I solve the problem ??? Best regards Daniel Fitzner ------------------------------------------------------------------------ ---- --------- Daniel Fitzner IT-Services T-Systems debis Systemhaus GEI GmbH / GS Berlin debis Haus am Potsdamer Platz 10875 Berlin mail: [email protected] fon: +49 30 2554-3266 fax: +49 30 2554-3187 ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|