0004342: Endian configured as a gateway redirects traffic through the default gateway even on the same network. - MantisBT
MantisBT - Endian Firewall
View Issue Details
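ID: 0004342
Project: Endian Firewall
Category: Network related (VPN, uplinks)
View Status: public
Date Submitted: 2012-04-27 19:43
Last Update: 2012-11-14 18:03
Reporter: cemendes
Priority: normal
Severity: major
Reproducibility: always
Status: acknowledged
Resolution: open
Product Version: 2.5
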
0004342: Endian configured as a gateway redirects traffic through the default gateway even on the same network.
Box A - IP 192.168.10.10
MAC 00:24:d7:94:d3:38 (Windows Client)

Box B - IP 192.168.10.2
MAC 00:0c:29:0f:c8:56 (Endian 2.5.1)

Box C - IP 192.168.10.1
MAC 00:50:56:22:ca:c0 (Default Gateway)

BOX B has only one interface and the virtual red interface is configured as a gateway pointing to BOX C.

When I ping BOX B from BOX A, BOX B issues ICMP redirects and sends my connection through BOX C. The gateway (also a firewall) is tolerant with ICMP packets. However, it is not very kind with other packets in the same situation: when I try to access the Endian web interface, the firewall blocks the connection. Since the gateway is also a firewall, it thinks someone is spoofing the network and blocks the packets. This behavior is not correct, since both BOX A and B are on the same network and must not rely on BOX C (default gateway) to communicate with each other. This issue was introduced in 2.5.1 (perhaps 2.5, I haven't tested it). I cannot reproduce this problem with 2.4.1, which works perfectly. Enclosed, you can find a LAN trace taken on BOX A.
No tags attached.
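
As a defender-side check for the behaviour reported above, this added example (not part of the original report and not Endian's code) parses ICMP redirect messages (type 5) from raw IPv4 packets and flags those whose original flow has both endpoints inside the local subnet. The /24 mask, the function names and the sample packet are assumptions, constructed from the addresses given in the report.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # ICMP type 5 (RFC 792)

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_redirect(packet):
    """Return the fields of an ICMP redirect in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Need protocol 1 (ICMP), the 8-byte ICMP header and the embedded IP header.
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]  # header of the datagram that triggered the redirect
    ip = ipaddress.IPv4Address
    return {"sender": ip(packet[12:16]), "recipient": ip(packet[16:20]),
            "code": icmp[1], "new_gateway": ip(icmp[4:8]),
            "orig_src": ip(inner[12:16]), "orig_dst": ip(inner[16:20])}

def is_on_link_redirect(redirect, lan):
    """True when the redirected flow has both endpoints inside the local subnet."""
    net = ipaddress.ip_network(lan)
    return redirect["orig_src"] in net and redirect["orig_dst"] in net

def build_sample():
    """Constructed packet: Box B tells Box A to reach Box B via Box C."""
    a, b, c = "192.168.10.10", "192.168.10.2", "192.168.10.1"
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)        # echo request header
    inner = ipv4_header(a, b, 1, len(echo)) + echo      # original A -> B ping
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0,   # code 1: redirect for host
                       ipaddress.IPv4Address(c).packed) + inner
    return ipv4_header(b, a, 1, len(icmp)) + icmp

if __name__ == "__main__":
    r = parse_redirect(build_sample())
    print(r, is_on_link_redirect(r, "192.168.10.0/24"))  # assumed /24 LAN
```

A redirect flagged by `is_on_link_redirect` concerns two hosts that can reach each other directly, so it points at a routing or redirect misconfiguration on the sender rather than a legitimate better route.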
Issue History
2012-04-27 19:43 | cemendes | New Issue
2012-04-27 19:56 | cemendes | Note Added: 0007847
2012-05-18 12:41 | daniele-endian | Relationship added: child of 0004360
2012-07-31 11:28 | lorenzo-endian | Note Added: 0007978
2012-07-31 11:28 | lorenzo-endian | Status: new => acknowledged
2012-11-14 16:30 | mtpcosta | Note Added: 0008307
2012-11-14 16:36 | mtpcosta | Note Edited: 0008307 (bug_revision_view_page.php?bugnote_id=8307#r15)
2012-11-14 18:03 | cemendes | Note Added: 0008308

Notes
(0007847)
cemendes   
2012-04-27 19:56   
I had to place the trace on an FTP site, since it was too big to attach here.

ftp.novell.com/outgoing/icmp2-trace.pcap
(0007978)
lorenzo-endian   
2012-07-31 11:28   
Hi cemendes,

I would like to inform you that this bug has been resolved in the last enterprise packages... I hope we can soon release the fix for the community edition too.

One question, only because I am curious: do you use the community inside the Novell business network or just for personal testing? :)

Thanks a lot for reporting the issue and for supporting us!

Lo
(0008307)
mtpcosta   
2012-11-14 16:30   
(edited on: 2012-11-14 16:36)
Hi, I have the same problem.
Is there a way to solve it?

Thanks,

(0008308)
cemendes   
2012-11-14 18:03   
Thanks, Lorenzo. I work for Novell, but I use Endian at my home. :-)