Hi guys, thanks for your replies.
@aoakeley - Thanks, the change you suggested to the NAT now allows a successful ping from the webserver consoles out to the internet.
@anav - Sorry if my post wasn't clear enough, I am new to this and obviously wrongly assumed that the fixed IPs and bridges were obvious in the config.
For clarity, the Brsk line uses DHCP and has no fixed internet IP. The Cerberus line uses PPPoE and has 3 available static IPs ending 77, 78 and 79, each of which is NATted through on ports 80 and 443 to different webservers. As I said in my initial post, if someone on the internet accesses one of the websites hosted on these servers, they do receive a reply (albeit VERY slowly) so the reply traffic IS leaving by the Cerberus line as expected.
By "trying t to out themselves" I mean if the webservers try to access the internet in their own right rather than replying to an externally initiated session. For instance, one of the webservers talks to the eBay API to retrieve data, but even though the ping now works, these API calls fail as no reply is received from eBay. There has been no coding change and it works if I remove the mangle telling the 192.168.0.0/24 subnet to go out via Cerberus.
Ether2 is in LAN_bridge on its own on subnet 192.168.1.0/24. Ether 3 and 4 are on DMZ_Bridge on subnet 192.168.0.0/24 so yes, they are separate subnets.
So my problem persists: although I can now ping the internet from the webservers, they are unable to retrieve data from the internet themselves, and anyone using the websites from the internet gets unusably slow responses from the webservers, though they do eventually respond (a minute to fully load a page that normally takes a second).
Thanks for the link to the article but it's about VLANs and I don't use VLANs.
Statistics: Posted by chrisb67 — Wed Feb 07, 2024 10:08 pm