On Monday 27 May 2002 4:28 pm, Dick Visser wrote:
> On Mon, 27 May 2002, Antony Stone wrote:
> > Second packet (SYN-ACK) is from 192.168.0.11 to 213.84.165.198. Good.
> >
> > Source MAC address is 00:D0:B7:74:17:FD. This is your web server, I'm
> > sure.
> >
> > However, the destination MAC address is 00:06:5B:3A:60:7D.
> >
> > What is this machine ??? It sure isn't your firewall - that's why the
> > firewall is showing [UNREPLIED] in its connection tracking table - the
> > packets are going to some other ethernet address on the network.
>
> Duh, this is the internal ethercard (192.168.0.1) of our production
> firewall.....
> The one I am trying to configure now is a test machine.
Okay - I now see the bit I didn't realise earlier.....

You are contacting a webserver on address 192.168.0.11

You are trying to do it through a test firewall.

The default gateway of the webserver is 192.168.0.1 - the production firewall.

Therefore all reply packets from the webserver are going through the other machine, which is why the test one never sees them, and never sends them back to the external client.

The production firewall will not do anything useful with the reply packets either, because it has no idea what they are replies to !

To make this work you will need to set the default gateway of your web server to the firewall you want it to send packets through - in this case the test machine (which I still don't know the internal address of :-)

Hope this explains what's been going on.

Antony.
