Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Strange Problem with trunk

To: "FW1-Mailinglist (E-Mail)" <[email protected]>
Subject: [FW1] Strange Problem with trunk
From: "Fitzner Daniel" <[email protected]>
Date: Thu, 9 Aug 2001 14:49:44 +0200
Sender: [email protected]
Thread-index: AcEg0cNw1VzFYOJzQ2uo5EBB2+LQRA==
Thread-topic: Strange Problem with trunk

Hello,

I have a strange problem with setting up a two ports of a dualport card
as trunk and using security server for http content checking.

We have CP FW1 running on a RH6.2 Linuxbox with some Dual-Port Intel®
PRO/100+ Dual Port Server adapter. For better performance two ports of
one adapter are configured as a FEC-trunk using the ians-module from
Intel. The name of this virtual interface is trunk1 (real interface eth1
and eth2) and this is the internal interface.

Everything works fine until we decided to use http content checking
(because of CR). Now all http-connections from inside
to outside are dropped and the logviewer shows that the returnpacket is
dropped because of the last rule (drop ANY to ANY).  But it cannot be a
returnpacket because no packet reaches the destination. If I create such
rule (WEBSERVER -> HTTP-CLIENT SERVICE: tcp-high-ports) with logging,
then I see that this rule is matched before the content checking rule
(ANY -> ANY SERVICE: http->with resource). HTTP-Connections from other
interfaces (no FEC-trunks) works fine.

Because the logviewer shows the interfacename eth1 or eth2 when the
return packet is dropped, I thought it is a problem of the trunk and
after configuring this interface normal (no trunk only one port named
eth1) everything works fine.

So, has anyone experienced this problem and how can I solve the problem
???


Best regards
Daniel Fitzner

------------------------------------------------------------------------
----
---------

Daniel Fitzner
IT-Services
T-Systems debis Systemhaus GEI GmbH / GS Berlin
debis Haus am Potsdamer Platz
10875 Berlin

mail: [email protected]
fon: +49 30 2554-3266
fax: +49 30 2554-3187

 





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Merging the database from v4.0 to v4.1 ...
Next by Date: Re: [FW1] Why is log viewer so lame ?!
Previous by thread: [FW1] Merging the database from v4.0 to v4.1 ...
Next by thread: [FW1] Using NAT Global Address to Internal Address
Index(es):
- Date
- Thread