
Optional Port on Firebox Troubles


  • Optional Port on Firebox Troubles

    Everyone --

    I have been on here several times trying to get this firebox set up correctly. Thus far I have been very successful in getting my trusted network protected by the firebox. Everything has been working great; I even think that the internet connection is a little faster now that I have all my IP settings correct.

    Until now I have only been working with the trusted interface on my firebox. This weekend I wanted to set up my webserver, which is the whole reason I implemented the firebox. My network looks like this:

    On the trusted interface I am running a class B subnet. IP addresses used are in ranges and with the firebox having IP addresses and All this works fine!

    I want my webserver on a separate network, and since there is only going to be the one server there I went with a class C network. So I gave the firebox optional port an IP address of and the server an IP address of

    My problem is that the firebox keeps blocking all network traffic, saying it's a spoofing attack. I can see the blocked attempts in the firebox logs. The interesting thing is that it will show a source IP of but it shows a destination of Not sure where that destination is coming from.

    I did have this same problem on the trusted interface when I first set up the firebox. I soon discovered it was because the second subnet was not listed in the "other networks" section of the firebox. Once I gave the firebox the second IP address on the trusted interface ( everything worked fine.

    What I don't understand this time is that the optional interface and the server are on the same subnet! I just can't figure out why all traffic is being blocked.

    If anyone can help me out with this I would appreciate it. I really want to get this thing fully operational, and I thought it would be a 10 minute job since the firewall has been working perfectly and since it is a pretty easy network design on the optional port.


  • #2
    Re: Optional Port on Firebox Troubles


    OK, so I was able to work out my internet connection problems with my webserver. I still can't ping the firebox from the webserver, but I am able to access the internet and it is serving pages.

    I did end up having to set up two NAT entries for requests to be sent to the webserver. One to allow the packets in from the WAN to the external IP of the firebox and a second to allow packets from the external interface to the optional interface. I tried making one NAT entry from the WAN to the optional port; however, the requests come in from the WAN to the external side. When I set up only the one entry those packets were firewalled. Not sure if this is the best way to be doing it, but it was the only thing I could get to work.

    Any comments please let me know, otherwise this one is resolved!
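The two posts above describe two separate things: an anti-spoofing check that drops packets whose source address is not on a network configured for the ingress interface (which is why adding the second subnet under "other networks" fixed the trusted side), and a static NAT that maps a public address on the external interface to the server on the optional port. The following Python model of both is an added example, not code or configuration from the original poster or from WatchGuard. All addresses and network names are constructed (RFC 5737 documentation ranges), since the post's own addresses were not preserved, and the interface names "external", "trusted" and "optional" are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed interface table: each interface lists the networks the firewall
# believes live behind it. Addresses are assumptions, not the poster's.
INTERFACES = {
    "external": [ip_network("198.51.100.0/24")],
    "trusted":  [ip_network("172.16.0.0/16")],   # primary trusted network only
    "optional": [ip_network("192.0.2.0/24")],    # webserver segment
}

# Constructed static (1:1) NAT table: public address -> internal server address.
NAT = {ip_address("198.51.100.10"): ip_address("192.0.2.10")}


def add_secondary_network(table, iface, cidr):
    """Model adding a subnet under an interface's "other networks" setting."""
    table.setdefault(iface, []).append(ip_network(cidr))


def is_spoofed(table, ingress_iface, src_ip):
    """Reverse-path style anti-spoofing check.

    On an internal interface, a packet is spoofed if its source address is not
    inside any network configured on that interface. On the external interface,
    a packet is spoofed if its source claims to be one of the internal networks.
    """
    src = ip_address(src_ip)
    if ingress_iface == "external":
        return any(src in net
                   for iface, nets in table.items() if iface != "external"
                   for net in nets)
    return not any(src in net for net in table[ingress_iface])


def apply_static_nat(nat_table, dst_ip):
    """Rewrite a public destination to its internal server address, if mapped."""
    dst = ip_address(dst_ip)
    return nat_table.get(dst, dst)


def forward_from_wan(table, nat_table, src_ip, dst_ip):
    """Inbound packet on the external interface.

    Returns (allowed, translated_destination). The packet is dropped if it
    fails the anti-spoofing check or if, after NAT, the destination is not on
    any internal interface.
    """
    if is_spoofed(table, "external", src_ip):
        return False, None
    translated = apply_static_nat(nat_table, dst_ip)
    egress = next((iface for iface, nets in table.items()
                   if iface != "external" and any(translated in n for n in nets)),
                  None)
    return egress is not None, translated


if __name__ == "__main__":
    table = {k: list(v) for k, v in INTERFACES.items()}
    # Host on a second subnet behind "trusted": blocked until that subnet is listed.
    print(is_spoofed(table, "trusted", "10.0.1.5"))      # True
    add_secondary_network(table, "trusted", "10.0.1.0/24")
    print(is_spoofed(table, "trusted", "10.0.1.5"))      # False
    # Webserver on the optional segment, same subnet as the interface: not spoofed.
    print(is_spoofed(table, "optional", "192.0.2.10"))   # False
    # Inbound from the WAN to the public address is translated to the server.
    print(forward_from_wan(table, NAT, "203.0.113.9", "198.51.100.10"))
```

The check is intentionally simple: it only asks whether a source address is plausible for the interface it arrived on, which is what a log entry labelled "spoofing" usually means on a perimeter device. If a host is genuinely on a second subnet behind an interface, the fix is to declare that subnet on the interface, as in `add_secondary_network`, not to loosen the check.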