Why can't external traffic connect with internally hosted servers?

Article #: Product Castle
1026 All All



A server has been moved from a direct connection to an internal network behind the Smoothwall. A port forward to the service has been created but now external traffic cannot connect to the port forwarded service.

This is likely to be an Address Resolution Protocol (ARP) caching issue.


We have experienced this issue when the ARP cache on the gateway in front of the Smoothwall has not been updated. The now stale ARP cache entry points to the MAC address for the network card in use on the server, not to the MAC address for the network card on the Smoothwall.

The ARP resolution cache should update itself in time.This process can be accelerated by clearing the ARP cache on any gateways, routers, and switches in front of the Smoothwall by rebooting them, or clearing the ARP entries manually if possible.


Last updated: Author: Contributions by:
25 August 2016   Tanja