Reaching gui on more than one subnet

ns7a3 vm behind a gateway, fresh, updated install, nothing installed,
two interfaces, both subnets green,
client on subnet A can access gui on ns subnet A ip,
client on subnet A cannot access gui on ns subnet B ip (connect timeout error),
client on subnet A can ping and complete tracert to ns on subnet B ip,
client on subnet A cannot connect ssh on ns subnet B ip,
client on subnet B can access gui on ns subnet B ip,
both subnets in trusted networks as green on ns,
both service 980 and 22 are accept green and red under network services,

now I’ve looked through the gateway logs and the ns logs and I don’t see anything blocked or error, is this in the ns httpd admin config?


Two green are “isolated” one from other.
You have to explicitly enable the traffic in the firewall rules.

Now I’m half surprised with the ping going throught subnets. I know the ping use the particular ICMP protocoll.
But at the same time, the ping is a tool to help localize resourses on the lan, on two trusted lan, is it abnormal to going through?
The answer depend entirely on the security policy in the enterprise…

It give me the idea to have an option to define this point.

Ie: to itotally isolate a R&D subnet from the rest of the Lan…

NS bridges the subnets, routing is done by the gateway. Tracert on client on subnet a shows the path to the gateway interface and to the ns subnet b interface. Traffic isn’t going through NS.

Also this is a fresh install, there’s no fw module installed, nothing is,

I will check this.

brain fart…


Seems like httpd conf is binding to the primary or default interface… here’s why I think that;

I had shut down the above instance yesterday, I started it up just a bit ago.
Both interfaces are still set for dhcp, both interfaces got a different address since the last boot because they were not assigned an ip in the dhcp server.
Subnet A is block all at the gateway, and the new ip was blocked on subnet A,
Subnet B is open, behind nat,
Client on subnet A is not able to access NS gui on ip on subnet A (connect timeout error),
Client on subnet A is able to access NS gui on ip on subnet B.
Quite the opposite of the previous boot.

Then I updated, and allowed the ip for interface A through the fw on the gateway, after it reboot to the NS beta, it swapped interfaces, now client on subnet can access ns gui on ns interface subnet A but not ns interface subnet b.

I tested the scenario but without a gateway in the middle: I can’t reproduce the problem

Httpd and httpd-admin daemon listen correctly on all interfaces, shorewall rules do not block the access on green network.

My test:

  • eth0: green (dhcp)
  • eth2 : green (static with no gateway)

Clients from both network can access httpd and httpd-admin.

1 Like

Well, thanks for giving it a look, I’ll think on it and look into it some more when I get a chance.