Robert Spangler wrote:
> On Monday 13 June 2011 14:02, the following was written:
>
>> We just went to replace the bridge/firewall services on one server
>> with the same on another. It's pretty simple, and I literally cloned (w/
>> rsync) a third server that does this onto the one that will be the new
>> one. Then copied the /etc/sysconfig/iptables from the one being
>> replaced, and brought it up this morning.
>>
>> Nope. We had to put everything back the way it was.
>>
>> The new one sees the two or three servers behind the firewall, and we
>> can ping them, from the new box. On one, we see IPP broadcasts; in fact,
>> we see lots of broadcast packets using tcpdump. From outside, though,
>> you can't see the servers. Trying to ping them, they see nothing. It
>> seems to be the case that tcp and icmp packets are blocked, and we
>> can't figure out why.
>
> Is the firewall IP or port based or a combo of both?
> Is the firewall setup on the bridge interface or on each individual server
> interface i.e., eth0, eth1 etc.

Not sure how to answer that. I'd say it's on the external interface.
>
> What does ifconfig show you? Are all the interfaces started? Do the DHCP
> interfaces receive a DHCP address?

Yep. And route shows *only* br3, and when I restart the network br3 brings
up eth0 and eth1.

        mark