Asymmetric Routing Issue

Hello everyone, I'm new to the Untangle forums, though I've been lurking all week trying to find a resolution to my issue to no avail.

Here's a little background:

We've currently got Untangle in place between our LAN and firewall, and it's working great. The firewall is ancient, however, and we've purchased a new fancy firewall to replace it. This is my job. I've put our new firewall in place on our LAN, and would like to start moving workstations over to use it as the gateway so I can begin phasing out the old one.

So with my laptop set up as a test, using the new firewall as the gateway, I've set static routes in the new firewall to point to the old firewall for all the networks we will need to access. Here's where it gets sticky. When I try to access our mail server on our DMZ (or any other non-local network resource), I can't get to it. The static route in the new firewall sends all 172.16.0.0/24 traffic to 192.168.3.252.

After many packet captures and tcpdumps, I've determined that the return traffic isn't making it BACK through the Untangle box. I attached a diagram... Each arrow represents traffic that I can SEE and VERIFY with either packet captures or tcpdumps.

Capture.PNG

Here's where it gets funny -- If I put a static route in Untangle for 192.168.1.216/32 with a gateway of 192.168.3.254 (new firewall), everything works.

Why won't Untangle just send the return traffic to the host on the local LAN without first routing it back through the new firewall?

**Edit**
I also included a screenshot of my interfaces from Untangle in the diagram above. We are bridging.

In addition - If clients use 192.168.3.252 as the gateway, communication with the mail server is fine.

**Edit 2**
Could it have something to do with differing MAC addresses? Since the outgoing traffic would have a source MAC of the new firewall, and the destination of the final leg of the return traffic would be the actual MAC of 192.168.1.216.