Why can't external traffic connect with internally hosted servers?

Article #:

Product

Castle

1026

All

All

Summary

 

Problem

A server has been moved from a direct connection to an internal network behind the Smoothwall. A port forward to the service has been created but now external traffic cannot connect to the port forwarded service.

This is likely to be an Address Resolution Protocol (ARP) caching issue.

Solution

We have experienced this issue when the ARP cache on the gateway in front of the Smoothwall has not been updated. The now stale ARP cache entry points to the MAC address for the network card in use on the server, not to the MAC address for the network card on the Smoothwall.

The ARP resolution cache should update itself in time.This process can be accelerated by clearing the ARP cache on any gateways, routers, and switches in front of the Smoothwall by rebooting them, or clearing the ARP entries manually if possible.

Attribution:

Last updated:

Author:

Contributions by:

25 August 2016

 

Tanja

 

Copyright © 2000-2016 Smoothwall All rights reserved.