I have problems when I connect multiple zones on the same switch. How to solve this?

Email to friend

Add comment

Votes: 0

Comments: 0

Posted: 23 May, 2007
by: Warasin P.

Updated: 23 May, 2007
by: Warasin P.

First of all, it is no good idea to connect multiple zones on the same switch (or phsysical network). Zones are meant to physically separate your networks in order to have extra security.

But one may have good reasons to do so.
If you connect multiple zones on the same switch it is not predefined with the current kernel configuration, which interface will receive packets to an ip addresses of a zone, since the ip addresses will be owned by the firewall itself and not by the interface.

In order to change this behaviour log in to the firewall and call the following:

echo 2 > /proc/sys/net/ipv4/conf/*/rp_filter

If you like to have this executed at boot time, edit the file /var/efw/inithooks/start.local
and insert the following:

#!/bin/sh
echo 2 > /proc/sys/net/ipv4/conf/*/rp_filter

Others in this Category

	Why is port 113 open by default?
	Pressing F5 does not refresh a stale webpage
	Is there a way to stop sending mail to the user when POP3 Proxy has marked the email as Spam?
	Why can't I block connections from clients with the outgoing firewall which pass a proxy?
	Proxy analysis report and Log summary gives me no reports but an error message?
	When i download a large file over http proxy the transfer stop and the file don't full download.
	Endian Firewall boots from my daily backup USB stick / from my UMTS modem USB stick !?!
	Why is whitelist not working with http proxy authentication / contentfilter / antivirus?