Cannot talk to Firewall through BWM from the LAN side

Started by nicks

Cannot talk to Firewall through BWM from the LAN side   30 March 2015, 10:27

This has been a problem ever since we upgraded from 2.? to 3.? and I am finally getting around to asking about it now...

Our configuration is currently:
Internet (WAN) -> Firewall (10.150.0.1) -> BWM NIC 1 (10.150.0.2) /(Softperfect Bridge)\ BWM NIC 2 (10.150.0.3) -> LAN Switch -> rest of network (LAN)

Our firewall uses a program in order to access it (Watchguard if it matters). When I am on the LAN side I cannot communicate through the BWM to the firewall in order to manage it. If I plug the firewall directly into the LAN switch, everything works fine so I know the problem is communicating through the firewall.

I tried some of the techniques here: [www.softperfect.com]

But I still cannot get it to work. At this point I have cleared all of the changes I have made (back to auto metric, cleared the routing table, etc...) so I am starting from scratch again. Any suggestions on how I can get through the BWM to my firewall?

Thanks
-Nick
SoftPerfect Support forum - Andrew avatar image

Re: Cannot talk to Firewall through BWM from the LAN side   30 March 2015, 11:13

The metrics and routing have an effect only if you communicate with NIC1 or NIC2. For pass-through traffic, that shouldn't make any difference.

What about pinging the firewall from the LAN side? If that doesn't work, what about the next hop, the WAN router?

Re: Cannot talk to Firewall through BWM from the LAN side   31 March 2015, 04:17

Fixed it!

Ping the firewall - No response. I also tried a port scan and got nothing back as well, and I know of several ports that are open because I opened them myself.

WAN Router - We do not have a router per se, the firewall is directly plugged into a Satellite internet modem. That modem has an internal IP address of 192.168.0.1 which I can access.

I also just tested Disable All Rules and still could not get a connection or ping.

Finally, I just physically removed the BWM computer from the loop and plugged my LAN Switch directly into the Firewall and I could log in with the Firewall management program and I could also ping the Firewall from inside the LAN.

So I just went through the settings in BWM and the "Ignore local traffic" was selected. When I un-checked that box, everything worked fine.

So am I going to run into problems now that I have that un-checked?

-Nick
SoftPerfect Support forum - Andrew avatar image

Re: Cannot talk to Firewall through BWM from the LAN side   31 March 2015, 15:50

Ah, that's what the problem was. It's a common issue and we added a warning about it in version 3.0.9.

Basically, due to the way traffic processing is implemented, when "Ignore LAN traffic" is selected, bridging doesn't work correctly for local addresses. That's why the modem was accessible, while the firewall was not. If you turn the "Ignore LAN traffic" option off, you won't run into any issues as it simply has no effect in your scenario.

This option is useful, for example, when BM is installed on a file server and you need to let users access the server's files at Gigabit speeds. In that case turning this option on handles local traffic in the kernel, without passing it to the bandwidth control routines, which allows fast local transfers.
