traffic not getting through virtual firewall

Posted on 2009-07-10
Last Modified: 2012-05-07
Hi All,

I've been trying for some time to repair a virtual firewall to allow traffic through to our internal network. To give you a little background, we have a Dell PowerEdge server running Windows 2003 64-bit. The machine has 3 NIC cards; 1 is directly attached to our Comcast modem and it has the VMware bridge protocol enabled. The other two cards are tied directly into our local switch. 1 of these 2 has the bridge protocol enabled and the other is for the host machine. We originally had 3 virtual machines running: 1 Windows 2003 SBS server, 1 Endian firewall community server and 1 Linux-based spam filter, all working in perfect harmony.

I say it was perfect until we switched internet service providers. For some reason, ever since I updated the IP info within the Endian firewall we have not been able to get traffic to pass through. I have tried rebuilding the firewall, and I have tried replacing the firewall with other solutions such as Smoothwall and IPCop, all with no success. I even tried upgrading the software from VMware 1 to VMware 2.0.

The adapter configuration for the firewall is as follows:

The green interface is set to bridge mode and the red interface is tied in to VMnet4, which is bridged directly with the NIC that is connected to the Comcast modem.

I'm pretty confident it doesn't have to do with the firewall configuration itself. The reason I believe this is because I was able to bring up a virtual Windows XP machine, assign the adapter the external IP info and RDP directly into the machine over the WAN. I could be wrong on this estimation and am open to any suggestions you have to offer.

Question by:breynolds01

Expert Comment

ID: 24824544
If you say red and green interface, I am assuming you're talking about Smoothwall here, but this is my experience:
If you change the IP on the Smoothy, you need to restart SQUID on the firewall. Since I'm a bit of a Linux noob, I restart the PC thereafter.
But other things to consider:
1) Does your firewall itself have connectivity to the Internet? From your firewall, can you do name lookups (nslookup) or ping? If you get responses ... then at least you know that your firewall is working and something else needs to be looked at. With Smoothy also, your squid configuration needs to allow IP ranges to use its services on the green interface.
2) Since you're running everything on Windows ... could your firewall on the Windows host allow access just for your old ISP IP? That could be blocking things also. Probably not, since the Windows XP VM worked.

Author Comment

ID: 24824589
The Smoothwall is a clean installation. The one that I did change the external IP in was the Endian firewall. The funny thing is... I am able to get all outbound connections through the Smoothwall or any other software firewall that I have tried. It's only incoming that I can't get to work. My gut tells me that there is something blocking it, but I can't for the life of me figure out what it is.

The Windows firewall is turned off, FYI.

Expert Comment

ID: 24831573
What traffic needs to get into your LAN?
This is a stupid possibility, but does the modem itself have a firewall? I don't know if your new ISP gave you a new modem? But it's a stupid question from me...

Author Comment

ID: 24832066
The Internet modem does have the capability to have a firewall on, but it is currently disabled. I have verified this a couple of times because I had the same thought.

We need to get basic traffic through the firewall (RDP, HTTP, SMTP).

As a new twist, I have run tcpdump via the Smoothwall shell to verify that traffic is getting into the firewall and getting to the green adapter, but I can't figure out what's happening from there.
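
An added example, not part of the original post: once tcpdump shows inbound packets on the green interface, the next thing to read from the capture is whether the internal host answers each SYN. The sketch assumes modern `tcpdump -nn` text output; the sample lines, addresses and the function name `classify_handshakes` are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -nn` output taken on the green (LAN-side)
# interface. Addresses come from documentation/private ranges.
SAMPLE = """\
10:15:01.100000 IP 198.51.100.7.51512 > 192.168.1.10.3389: Flags [S], seq 1000, win 64240, length 0
10:15:01.100400 IP 192.168.1.10.3389 > 198.51.100.7.51512: Flags [S.], seq 2000, ack 1001, win 65535, length 0
10:15:02.200000 IP 198.51.100.7.51600 > 192.168.1.20.25: Flags [S], seq 3000, win 64240, length 0
10:15:05.200000 IP 198.51.100.7.51600 > 192.168.1.20.25: Flags [S], seq 3000, win 64240, length 0
10:15:06.300000 IP 198.51.100.7.51700 > 192.168.1.10.80: Flags [S], seq 4000, win 64240, length 0
10:15:06.300300 IP 192.168.1.10.80 > 198.51.100.7.51700: Flags [R.], seq 0, ack 4001, win 0, length 0
"""

# src-ip.src-port > dst-ip.dst-port: Flags [...]
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def classify_handshakes(capture):
    """Map each inbound SYN (src, sport, dst, dport) to what came back.

    'answered' -> host replied SYN-ACK, handshake is progressing
    'reset'    -> host is reachable but refused the port (RST)
    'no-reply' -> SYN seen, nothing returned past the capture point
    """
    flows = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        reverse = (dst, dport, src, sport)  # key of the flow being answered
        if flags == "S":
            # New or retransmitted SYN; keep any verdict already recorded.
            flows.setdefault((src, sport, dst, dport), "no-reply")
        elif flags == "S." and reverse in flows:
            flows[reverse] = "answered"
        elif "R" in flags and flows.get(reverse) == "no-reply":
            flows[reverse] = "reset"
    return flows


if __name__ == "__main__":
    for (src, sport, dst, dport), verdict in classify_handshakes(SAMPLE).items():
        print(f"{src}:{sport} -> {dst}:{dport}  {verdict}")
```

A flow left at `no-reply` means the forwarding rule delivered the SYN to the green side but no answer came back, which puts the fault between the green adapter and the host (bridge mapping, host firewall, or a return route through another gateway) rather than in the port-forward rule.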

Accepted Solution

breynolds01 earned 0 total points
ID: 24964576
I ended up resetting all the virtual networks and remapping the virtual bridges, and now it is working.

Question has a verified solution.
