We just went to replace the bridge/firewall services on one server with
the same on another. It's pretty simple, and I literally cloned (w/ rsync)
a third server that does this onto the one that will be the new one. Then
copied the /etc/sysconfig/iptables from the one being replaced, and
brought it up this morning.
Nope. We had to put everything back the way it was.
The new one sees the two or three servers behind the firewall, and we can
ping them, from the new box. On one, we see IPP broadcasts; in fact, we
see lots of broadcast packets using tcpdump. From outside, though, you
can't see the servers. Trying to ping them, they see nothing. It seems to
be the case that tcp and icmp packets are blocked, and we can't figure out
why.
CentOS 5.6.
ifcfg-eth0
DEVICE=eth0
BRIDGE=br3
BOOTPROTO=dhcp
HWADDR=aa:bb:cc:dd:ee:ff
ONBOOT=yes
ifcfg-eth1
DEVICE=eth1
BRIDGE=br3
HWADDR=aa:bb:cc:dd:ee:gg
ONBOOT=yes
ifcfg-br3
DEVICE=br3
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=static
IPADDR=<our ip>
NETMASK=255.255.254.0
NETWORK=<our nw>
GATEWAY=<our gw>
Any ideas?
mark
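One check for the symptom described above, added here as an example and not part of mark's post: when net.bridge.bridge-nf-call-iptables is 1 (the CentOS 5 default) the iptables FORWARD chain filters bridged frames, and in that chain -i/-o see the bridge device (br3), not eth0/eth1, so rules copied from a host that was not bridging may never match and a DROP policy silently eats TCP and ICMP while tcpdump, which captures before netfilter, still shows the broadcasts. The two rulesets are constructed placeholders, br3 is the bridge name from the post, and live_check assumes root on the new box.

```shell
# Constructed iptables-save text standing in for the copied ruleset (placeholder).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# Same idea with a FORWARD rule that actually matches bridged traffic.
FIXED_RULES='*filter
:FORWARD DROP [0:0]
-A FORWARD -i br3 -o br3 -j ACCEPT
COMMIT'

# Policy of filter chain $1 in the iptables-save text $2.
chain_policy() {
  printf '%s\n' "$2" | awk -v c=":$1" '$1 == c { print $2; exit }'
}

# Count FORWARD rules able to match frames crossing bridge $1. With
# bridge-nf enabled, -i/-o see the bridge device (br3), not eth0/eth1;
# the physical ports are only reachable through -m physdev.
bridge_forward_rules() {
  printf '%s\n' "$2" | awk -v br="$1" '
    $1 == "-A" && $2 == "FORWARD" {
      for (i = 3; i <= NF; i++) {
        if (($i == "-i" || $i == "-o") && $(i + 1) == br) { n++; next }
        if ($i == "--physdev-in" || $i == "--physdev-out") { n++; next }
      }
    }
    END { print n + 0 }'
}

# Prints 1 when bridged TCP/ICMP would be dropped by the FORWARD chain:
# $1 = net.bridge.bridge-nf-call-iptables value, $2 = bridge, $3 = rules.
bridge_blocked() {
  [ "$1" = "1" ] || { echo 0; return; }   # 0: bridged frames bypass iptables
  pol=$(chain_policy FORWARD "$3")
  n=$(bridge_forward_rules "$2" "$3")
  if [ "$pol" = "DROP" ] && [ "$n" -eq 0 ]; then echo 1; else echo 0; fi
}

# Live version for the new box (needs root): reads the real sysctl and rules.
live_check() {
  nf=$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null || echo 0)
  bridge_blocked "$nf" "$1" "$(iptables-save)"
}
```

If live_check br3 prints 1, compare /etc/sysctl.conf on the old box (it may set bridge-nf-call-iptables to 0, which was not carried over with /etc/sysconfig/iptables) and add FORWARD rules keyed on br3 or -m physdev rather than the physical ports.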