Solved

traffic not getting through virtual firewall

Posted on 2009-07-10
Last Modified: 2012-05-07
Hi All,

I've been trying for some time to repair a virtual firewall to allow traffic through to our internal network. To give you a little background, we have a Dell PowerEdge server running Windows 2003 64-bit. The machine has 3 NIC cards: 1 is directly attached to our Comcast modem and it has the VMware bridge protocol enabled. The other two cards are tied directly into our local switch. 1 of these 2 has the bridge protocol enabled and the other is for the host machine. We originally had 3 virtual machines running: 1 Windows 2003 SBS server, 1 Endian firewall community server and 1 Linux-based spam filter, all working in perfect harmony.

I say it was perfect until we switched internet service providers. For some reason, ever since I updated the IP info within the Endian firewall we have not been able to get traffic to pass through. I have tried rebuilding the firewall, and I have tried replacing the firewall with other solutions such as Smoothwall and IPCop, all with no success. I even tried upgrading the software from VMware 1 to VMware 2.0.

The adapter configuration for the firewall is as follows:

The green interface is set to bridge mode and the red interface is tied in to VMnet4, which is bridged directly with the NIC that is connected to the Comcast modem.

I'm pretty confident it doesn't have to do with the firewall configuration itself. The reason I believe this is because I was able to bring up a virtual Windows XP machine, assign the adapter the external IP info and RDP directly into the machine over the WAN. I could be wrong on this estimation and am open to any suggestions you have to offer.

Question by:breynolds01
LVL 21

Expert Comment

by:za_mkh
If you say red and green interface, I am assuming you're talking about Smoothwall here, but this is my experience:
If you change the IP on the Smoothy, you need to restart SQUID on the firewall. Since I'm a bit of a Linux noob, I restart the PC thereafter.
But other things to consider:
1) Does your firewall itself have connectivity to the Internet? From your firewall, can you do name lookups, e.g. nslookup www.google.com or ping www.google.com? If you get responses, then at least you know that your firewall is working and something else needs to be looked at. With Smoothy also, your squid configuration needs to allow IP ranges to use its services on the green interface.
2) Since you're running everything on Windows, could the firewall on your Windows host allow access just for your old ISP IP? That could be blocking things also? Probably not, since the Windows XP VM worked.
LVL 2

Author Comment

by:breynolds01
The Smoothwall is a clean installation. The one that I did change the external IP in was the Endian firewall. The funny thing is, I am able to get all outbound connections through the Smoothwall or any other software firewall that I have tried. It's only incoming that I can't get to work. My gut tells me that there is something blocking it, but I can't for the life of me figure out what it is.

The Windows firewall is turned off, FYI.
LVL 21

Expert Comment

by:za_mkh
What traffic needs to get into your LAN?
This is a stupid possibility, but does the modem itself have a firewall? I don't know if your new ISP gave you a new modem? But it's a stupid question from me...
LVL 2

Author Comment

by:breynolds01
The Internet modem does have the capability to have a firewall on, but it is currently disabled. I have verified this a couple of times because I had the same thought.

We need to get basic traffic through the firewall (RDP, HTTP, SMTP).

As a new twist, I have run tcpdump via the Smoothwall shell to verify that traffic is getting into the firewall and getting to the green adapter, but I can't figure out what's happening from there.
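
Added example, not part of the original thread: one way to take the tcpdump check above a step further is to classify each inbound TCP handshake seen on the green interface. A SYN that leaves green and gets no reply at all puts the fault beyond the firewall rules (virtual network mapping or the internal host's return path), while a SYN-ACK or RST shows the internal host was reached. The capture text, addresses and function names are constructed for illustration and assume the text format printed by a current `tcpdump -nn`.

```python
import re

# Constructed sample of `tcpdump -nn -i <green-if> tcp` text output.
# Addresses are documentation/private ranges, not values from the thread.
SAMPLE_CAPTURE = """\
10:00:01.000100 IP 203.0.113.7.50112 > 192.168.1.10.3389: Flags [S], seq 100, win 64240, length 0
10:00:01.000900 IP 192.168.1.10.3389 > 203.0.113.7.50112: Flags [S.], seq 900, ack 101, win 65535, length 0
10:00:02.000100 IP 203.0.113.7.50113 > 192.168.1.20.25: Flags [S], seq 200, win 64240, length 0
10:00:05.000100 IP 203.0.113.7.50113 > 192.168.1.20.25: Flags [S], seq 200, win 64240, length 0
10:00:06.000100 IP 203.0.113.7.50114 > 192.168.1.10.80: Flags [S], seq 300, win 64240, length 0
10:00:06.000700 IP 192.168.1.10.80 > 203.0.113.7.50114: Flags [R.], seq 0, ack 301, win 0, length 0
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify_handshakes(capture_text):
    """Map each inbound flow (src, sport, dst, dport) to
    'answered', 'refused' or 'no-reply'."""
    flows = {}
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        fwd = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        rev = (fwd[2], fwd[3], fwd[0], fwd[1])
        flags = m["flags"]
        if flags == "S":
            flows.setdefault(fwd, "no-reply")  # bare SYN; retransmits keep state
        elif flags == "S." and rev in flows:
            flows[rev] = "answered"            # SYN-ACK came back through green
        elif "R" in flags and flows.get(rev) == "no-reply":
            flows[rev] = "refused"             # host reachable, port closed
    return flows

def unanswered(capture_text):
    """Flows that were forwarded out of green but never got any reply."""
    flows = classify_handshakes(capture_text)
    return sorted(f for f, state in flows.items() if state == "no-reply")

if __name__ == "__main__":
    for flow, state in classify_handshakes(SAMPLE_CAPTURE).items():
        print("%s:%d -> %s:%d  %s" % (*flow, state))
```
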
LVL 2

Accepted Solution

by:
breynolds01 earned 0 total points
I ended up resetting all the virtual networks and remapping the virtual bridges, and now it is working.