sofaware.infopop.cc
SofaWare Discussion Groups
Internet Security Appliances
VLANs and "spoofed IP" messages
Junior Member

Hi,

I have a Safe@Office 225 box, running version 6.0.57x (I just signed up with my internet provider for subscription updates, so I assume that they'll update the version soon). Up until now I have port 1 connected to the switch where all the workstations are connected to, no VLAN, everything works fine.

Now I am experimenting with attaching 2 machines to ports 2 & 3, making a VLAN on each port (named VLAN2 and VLAN3), and making rules to allow certain data transfer between those 2 VLANs. For testing purposes I have allowed any type of traffic between these 2 VLANs, and I am testing by pinging the IP of the machine on VLAN2 from the machine on VLAN3.

I see that the ping gets to the machine on VLAN2 (the log notes that the packet was passed due to a rule, and received packet count increases on VLAN2's NIC), but ping doesn't get answered. The log notes that packets from machine on VLAN2 are blocked, and notes that that machine has a "spoofed IP". When pinging the opposite direction - nothing gets through and nothing gets noted in the log.

By the way, the NICs of both machines attached to these VLAN ports are the second NIC in each machine. The 1st NIC in VLAN2's machine is attached to the DMZ, and the 1st NIC in VLAN3's machine is a Win2003 server which is attached to the main switch which is then attached to port1. I am trying to securely update info on the VLAN2 machine from the server, and my idea was to have them securely transfer data (which will be restricted later by port) while keeping the VLAN2 machine isolated from the network and accessible to everybody else only from the DMZ.

Why is the IP on the VLAN2 machine being detected as spoofed? I tried adding it as a machine in the Safe@office box.

Thanks,
-Michael
Member

Hello,

Using the sniffer tools from the Safe@, could you check which IP is used on the machine in VLAN2?

BRgds,
Fabien
Junior Member

Fabien,

Thanks for your reply. I neglected to post that I had resolved the issue...

I was using a /29 subnet mask, because my original desire (before I started using a VLAN) was to restrict the possibility of a rogue machine somehow posing as being on the same subnet. I triple-checked that I was using valid addresses for this subnet mask. Later I realized that due to the VLAN and my topology there is no need for that, so I went to a simple /24 subnet mask. Since I changed the mask, I am able to communicate between the 2 machines without getting "spoofed IP" errors.

Thanks for your desire to help.
-Michael
