This has been a problem ever since we upgraded from 2.? to 3.? and I am finally getting around to asking about it now...
Our configuration is currently:
Internet (WAN) -> Firewall (10.150.0.1) -> BWM NIC 1 (10.150.0.2) /(Softperfect Bridge)\ BWM NIC 2 (10.150.0.3) -> LAN Switch -> rest of network (LAN)
Our firewall uses a program in order to access it (Watchguard if it matters). When I am on the LAN side I can not communicate through the BWM to the firewall in order to manage it. If I plug the firewall directly into the LAN switch, everything works fine so I know the problem is communicating through the firewall.
I tried some of the techniques here: https://www.softperfect.com/products/bandwidth/manual/bridging.htm
But I still can not get it to work. At this point I have cleared all of the changes I have made (back to auto metric, cleared the routing table, etc...) so I am starting from scratch again. Any suggestions on how I can get through the BWM to my firewall?
Thanks
-Nick
Cannot talk to Firewall through BWM from the LAN side
Started by nicks
Cannot talk to Firewall through BWM from the LAN side 30 March 2015, 09:27 |
Registered: 11 years ago Posts: 13 |
Re: Cannot talk to Firewall through BWM from the LAN side 30 March 2015, 10:13 |
Admin Registered: 19 years ago Posts: 3 599 |
Re: Cannot talk to Firewall through BWM from the LAN side 31 March 2015, 03:17 |
Registered: 11 years ago Posts: 13 |
Fixed it!
Ping the firewall - No response. I also tried a port scan and got nothing back as well, and I know of several ports that are open because I opened them myself.
WAN Router - We do not have a router per se, the firewall is directly plugged into a Satellite internet modem. That modem has an internal IP address of 192.168.0.1 which I can access.
I also just tested Disable All Rules and still could not get a connection or ping.
Finally, I just physically removed the BWM computer from the loop and plugged my LAN Switch directly into the Firewall and I could log in with the Firewall management program and I could also ping the Firewall from inside the LAN.
So I just went through the settings in BWM and the "Ignore local traffic" option was selected. When I un-checked that box, everything worked fine.
So am I going to run into problems now that I have that un-checked?
-Nick
Re: Cannot talk to Firewall through BWM from the LAN side 31 March 2015, 14:50 |
Admin Registered: 19 years ago Posts: 3 599 |
Ah, that's what the problem was. It's a common issue and we added a warning about it in version 3.0.9.
Basically, due to the way traffic processing is implemented, when the "Ignore LAN traffic" option is selected, bridging doesn't work correctly for local addresses. That's why the modem was accessible, while the firewall was not. If you turn the "Ignore LAN traffic" option off, you won't run into any issues as it simply has no effect in your scenario.
This option is useful, for example, when BM is installed on a file server and you need to let users access the server's files at Gigabit speeds. In that case, turning this option on handles local traffic in the kernel, without passing it to the bandwidth control routines, which allows fast local transfers.