carpal tunnel
Registered: 29/08/2000
Posts: 14506
Loc: Canada
Quote: The reason you can't do that, as I've said many times, is that it's the firewall (or probably, more precisely, the NATting) that's causing the problem, not the routing. If you didn't have the firewall/NAT in place, it would all work fine as you configured it. Since it's the firewall/NAT that's causing the problem, you have to fix the firewall/NAT to fix the problem.
That's not consistent with observed behaviour.
The reason I'm having this problem is that my site has TWO external NICs, with individual external IP addresses. To make that work, I had to add source routing rules to ensure that connections initiated on one of those external NICs would have their entire connection happen on that same NIC. Otherwise, clients from the internet were unable to visit my servers.
But a consequence of using those routing entries was that it cut off access to my external IP addresses from within our internal LAN. Even with all firewall rules removed, and the policies set to ACCEPT, internal clients were still unable to access the external IP addresses. EDIT: there is no NAT happening for LAN access to servers running on my external IP addresses.
When I only had one external NIC, the routing table was much simpler, with no source based routing entries. So my internal LAN clients had no issues accessing the external IPs.
So, I've fixed it with a firewall rule kludge, simply because that's the hammer I (mostly) understand. But a routing table fix would be far better.
Cheers
Edited by mlord (11/11/2005 15:50)
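The failure mode described in this post (source-based policy rules that steer the reply to a LAN client out of the WAN interface) can be reproduced without a router by simulating the Linux rule-then-table lookup order. The following is an added example, not code or configuration from the poster or the thread; the topology (192.168.1.0/24 LAN on eth0, two external interfaces eth1/eth2 with TEST-NET addresses) and the "lookup main for LAN destinations before the source rules" fix are assumptions chosen for illustration, and the `ip rule`/`ip route` commands in the comments are the equivalents that the simulated rules and tables model.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed topology for the example (assumed, not the poster's real addresses).
LAN = ipaddress.ip_network("192.168.1.0/24")          # eth0
WAN1_IP, WAN1_GW = "203.0.113.10", "203.0.113.1"     # eth1
WAN2_IP, WAN2_GW = "198.51.100.10", "198.51.100.1"   # eth2


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None   # None means directly attached


@dataclass
class Rule:
    prio: int                                   # lower number is checked first
    table: str
    src: Optional[ipaddress.IPv4Network] = None  # "from <prefix>" selector
    dst: Optional[ipaddress.IPv4Network] = None  # "to <prefix>" selector


def lookup_table(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match inside one routing table."""
    best = None
    for r in table:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def route(rules: List[Rule], tables, src: str, dst: str) -> Optional[Tuple[str, Optional[str]]]:
    """Policy-routing decision: walk rules by priority; the first table that
    holds a matching route wins, a table with no match falls through."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.prio):
        if rule.src is not None and s not in rule.src:
            continue
        if rule.dst is not None and d not in rule.dst:
            continue
        hit = lookup_table(tables[rule.table], d)
        if hit is not None:
            return hit.dev, hit.via
    return None


def build_policy(with_lan_rule: bool):
    tables = {
        # ip route add ... (table main)
        "main": [
            Route(LAN, "eth0"),
            Route(ipaddress.ip_network("203.0.113.0/24"), "eth1"),
            Route(ipaddress.ip_network("198.51.100.0/24"), "eth2"),
            Route(ipaddress.ip_network("0.0.0.0/0"), "eth1", WAN1_GW),
        ],
        # ip route add default via 203.0.113.1 dev eth1 table wan1
        "wan1": [Route(ipaddress.ip_network("0.0.0.0/0"), "eth1", WAN1_GW)],
        # ip route add default via 198.51.100.1 dev eth2 table wan2
        "wan2": [Route(ipaddress.ip_network("0.0.0.0/0"), "eth2", WAN2_GW)],
    }
    rules = [
        # ip rule add from 203.0.113.10 lookup wan1 prio 100
        Rule(100, "wan1", src=ipaddress.ip_network(WAN1_IP + "/32")),
        # ip rule add from 198.51.100.10 lookup wan2 prio 101
        Rule(101, "wan2", src=ipaddress.ip_network(WAN2_IP + "/32")),
        Rule(32766, "main"),                     # the default "lookup main" rule
    ]
    if with_lan_rule:
        # Assumed fix: ip rule add to 192.168.1.0/24 lookup main prio 50
        # Replies to LAN clients are then resolved before any source-based rule.
        rules.append(Rule(50, "main", dst=LAN))
    return rules, tables


def reply_path(with_lan_rule: bool) -> Optional[Tuple[str, Optional[str]]]:
    """Where does the server's reply (src = external IP, dst = LAN client) go?"""
    rules, tables = build_policy(with_lan_rule)
    return route(rules, tables, src=WAN1_IP, dst="192.168.1.50")


def internet_path(with_lan_rule: bool) -> Optional[Tuple[str, Optional[str]]]:
    """Replies to an internet client from the second external IP still use eth2."""
    rules, tables = build_policy(with_lan_rule)
    return route(rules, tables, src=WAN2_IP, dst="192.0.2.7")


if __name__ == "__main__":
    print("reply to LAN, source rules only:", reply_path(False))   # eth1 via WAN gateway: lost
    print("reply to LAN, with LAN rule:    ", reply_path(True))    # eth0, directly attached
    print("reply to internet from WAN2:    ", internet_path(True))  # unchanged: eth2
```

The simulation shows why removing firewall rules changed nothing: the reply packet is sourced from the external address, so the `from <external IP>` rule sends it to a per-WAN table whose only entry is a default route, and it leaves through the upstream link instead of eth0. A higher-priority `to <LAN prefix> lookup main` rule (or, equivalently, copying the LAN route into each per-WAN table) keeps the per-interface steering for internet clients while restoring local reachability, which is the routing-table fix the post says it would prefer over the firewall kludge.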