Network with 2 routers: TCP RST problem

  #1  
Old 27-03-2009
Member
 
Join Date: Feb 2009
Posts: 66
Network with 2 routers: TCP RST problem
  

Hello everyone,

I have a problem of communication between machines on a DMZ in router R1 and the machines using a router R2 as gateway. The configuration of my network is as follows:

DMZ (192.168.20.0) <----> R1 (DMZ: 192.168.20.1/24; LAN: 192.168.1.1/24; ALIAS IP: 192.168.0.1/24) <----> switch <----> R2 (LAN: 192.168.0.2/24)

For machines with the R2 gateway to access the DMZ from R1, I added a static route on R2 which redirects 192.168.20.* to 192.168.0.1 (R1).

Unfortunately, the firewall on R2 blocks me (no problem when it is off). The R2 firewall generates a TCP RST, which appears to indicate that it did not receive the TCP SYNC (as if a triangular route were used). I do not see how this is possible ...

Has anybody an idea?

Thank you

PS: I wish to state that all machines using R2 as a gateway are connected to the switch and the LAN ports of R2 and R1.

  #2  
Old 27-03-2009
Member
 
Join Date: Oct 2008
Posts: 161
Re: Network with 2 routers: TCP RST problem

hi,

Can you sniff the feed?

As I see it: if your PC meets the DMZ -> Router 2 bridge, then routing table, Router 1 bridge, routing table, and it reaches the DMZ. On the return, it reaches R1, which forwards directly to your PC.
So it does not go back through the 2nd router, hence the interpretation as an attack.

Can you check if that's what is going on?
  #3  
Old 27-03-2009
Member
 
Join Date: Feb 2009
Posts: 66
Re: Network with 2 routers: TCP RST problem

I think that is indeed what happens. To verify this, I installed Wireshark (ethereal) on the PC on the LAN with R2 as gateway (IP: 192.168.0.4), here is the flow obtained when attempting to access a shared directory (Windows) from the machine in DMZ:

192.168.0.4 -> 192.168.20.6:445 TCP [SYN] (Destination: ZyxelCom_bb ... (R2))
192.168.0.4 -> 192.168.20.6:339 TCP [SYN] (Destination: ZyxelCom_bb ... (R2))
192.168.20.6 -> 192.168.0.4 TCP [SYN, ACK] (Source: ZyxelCom_7c ... (R1))
...

Thus, as the ZyXel article seems to indicate, R2, not having received the SYN, ACK (as it was sent directly by R1), will trigger the TCP RST.

Thus, a few milliseconds after the previous frame:

192.168.0.4 -> 192.168.20.6 TCP [RST]

However, with IP 192.168.1.1/24 assigned to the LAN of R1, I thought it would not transfer directly to the PC with the same destination IP alias 192.168.0.1/24 (see article).

I admit that I do not know how ... Cybher, any idea?
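Added example, not part of any post in this thread: a Python check for the asymmetric path diagnosed in post #3, comparing the next-hop MAC of a host's outbound frames with the source MAC of the replies. The frame records and the MAC labels `PC`, `R1` and `R2` are constructed placeholders (the capture above only shows truncated vendor prefixes), and `find_asymmetric_flows` is a hypothetical helper.

```python
from collections import defaultdict

# Constructed frame records modelled on the capture in post #3.
# "PC", "R1", "R2" stand in for the real MAC addresses (placeholders).
FRAMES = [
    {"src": "192.168.0.4", "dst": "192.168.20.6", "flags": "SYN",
     "src_mac": "PC", "dst_mac": "R2"},
    {"src": "192.168.20.6", "dst": "192.168.0.4", "flags": "SYN,ACK",
     "src_mac": "R1", "dst_mac": "PC"},
    {"src": "192.168.0.4", "dst": "192.168.20.6", "flags": "RST",
     "src_mac": "PC", "dst_mac": "R2"},
    # Constructed control flow that leaves and returns through R2.
    {"src": "192.168.0.4", "dst": "10.0.0.9", "flags": "SYN",
     "src_mac": "PC", "dst_mac": "R2"},
    {"src": "10.0.0.9", "dst": "192.168.0.4", "flags": "SYN,ACK",
     "src_mac": "R2", "dst_mac": "PC"},
]


def find_asymmetric_flows(frames, host_ip):
    """Return peers whose replies arrive from a router the host never sent to."""
    out_hops = defaultdict(set)   # peer -> gateways the host sent frames to
    in_hops = defaultdict(set)    # peer -> routers that delivered the replies
    resets = defaultdict(int)     # peer -> RST frames sent by the host
    for f in frames:
        if f["src"] == host_ip:
            out_hops[f["dst"]].add(f["dst_mac"])
            if "RST" in f["flags"].split(","):
                resets[f["dst"]] += 1
        elif f["dst"] == host_ip:
            in_hops[f["src"]].add(f["src_mac"])

    findings = {}
    for peer, gateways in out_hops.items():
        stray = in_hops.get(peer, set()) - gateways
        if stray:  # the reply bypassed the gateway that saw the SYN
            findings[peer] = {
                "forward_via": sorted(gateways),
                "return_via": sorted(stray),
                "resets": resets[peer],
            }
    return findings


if __name__ == "__main__":
    for peer, info in find_asymmetric_flows(FRAMES, "192.168.0.4").items():
        print(peer, info)
```

A flow reported here is one where a stateful firewall on the forward gateway sees the SYN but never the SYN, ACK, which is the situation the posts above describe for R2.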
  #4  
Old 27-03-2009
Member
 
Join Date: Oct 2008
Posts: 161
Re: Network with 2 routers: TCP RST problem

hi,

I think you put the alias on the wrong router.

If you put 192.168.1.2, for example, on R2,
your PC is seeking to join your DMZ, your gateway router, with the route, arrives on R1 to reach the machine in your DMZ; on the way back on R1, I think we should add a route on R1 to say that to reach 192.168.0.0 you have to go through the gateway 192.168.1.2.

I have never used aliases, but I would do something more along these lines.

To test (there may be a mistake in my reasoning): in your present case, since you can leave your router with 192.168.0.1, it's normal that it does not pass through R2.
