

traffic not getting through virtual firewall

Posted on 2009-07-10
Medium Priority
Last Modified: 2012-05-07
Hi All,

I've been trying for some time to repair a virtual firewall to allow traffic through to our internal network. To give you a little background, we have a Dell PowerEdge server running Windows 2003 64-bit. The machine has 3 NIC cards: 1 is directly attached to our Comcast modem and it has the VMware bridge protocol enabled. The other two cards are tied directly into our local switch. 1 of these 2 has the bridge protocol enabled and the other is for the host machine. We originally had 3 virtual machines running: 1 Windows 2003 SBS server, 1 Endian firewall community server and 1 Linux-based spam filter, all working in perfect harmony.

I say it was perfect until we switched internet service providers. For some reason, ever since I updated the IP info within the Endian firewall we have not been able to get traffic to pass through. I have tried rebuilding the firewall, and I have tried replacing the firewall with other solutions such as Smoothwall and IPCop, all with no success. I even tried upgrading the software from VMware 1 to VMware 2.0.

The adapter configuration for the firewall is as follows:

The green interface is set to bridge mode and the red interface is tied in to VMnet4, which is bridged directly with the NIC that is connected to the Comcast modem.

I'm pretty confident it doesn't have to do with the firewall configuration itself. The reason I believe this is because I was able to bring up a virtual Windows XP machine, assign the adapter the external IP info and RDP directly into the machine over the WAN. I could be wrong on this estimation and am open to any suggestions you have to offer.

Question by: breynolds01

Expert Comment

ID: 24824544
If you say red and green interface, I am assuming you're talking about Smoothwall here, but this is my experience:
If you change IP on the Smoothy, you need to restart SQUID on the firewall. Since I'm a bit of a Linux noob, I restart the PC thereafter.
But other things to consider:
1) Does your firewall itself have connectivity to the Internet? From your firewall, can you do name lookups, e.g. nslookup www.google.com or ping www.google.com? If you get responses, then at least you know that your firewall is working and something else needs to be looked at. With Smoothy also, your squid configuration needs to allow IP ranges to use its services on the Green Interface.
2) Since you're running everything on Windows, could your firewall on the Windows host allow access just for your old ISP IP? That could be blocking things also? Probably not, since the Windows XP VM worked.

Author Comment

ID: 24824589
The Smoothwall is a clean installation. The one that I did change the external IP in was the Endian firewall. The funny thing is... I am able to get all outbound connections through the Smoothwall or any other software firewall that I have tried. It's only incoming that I can't get to work. My gut tells me that there is something blocking it, but I can't for the life of me figure out what it is.

The Windows firewall is turned off, FYI.

Expert Comment

ID: 24831573
What traffic needs to get into your LAN?
This is a stupid possibility, but does the modem itself have a firewall? I don't know if your new ISP gave you a new modem? But it's a stupid question from me...

Author Comment

ID: 24832066
The Internet modem does have the capability to have a firewall on, but it is currently disabled. I have verified this a couple of times because I had the same thought.

We need to get basic traffic through the firewall (RDP, HTTP, SMTP).

As a new twist, I have run tcpdump via the Smoothwall shell to verify that traffic is getting into the firewall and getting to the green adapter, but I can't figure out what's happening from there.

Accepted Solution

breynolds01 earned 0 total points
ID: 24964576
I ended up resetting all the virtual networks and remapping the virtual bridges, and now it is working.
