Hello,
I've got a very strange problem with the Subversion-Server svnserved. I have setup a Linux server with Subversion, Apache, MySQL and so on. This server is in the DMZ (10.0.0.4/24) - connected to the Astaro Firewall (6.102). My Internal is under 192.168.0.0/16; External interface has a static IP.
I can checkout files from the subversion repository - but I am not able to commit any files from Internal. I always get the error from TortoiseSVN "remote host closed connection".
The strange thing is: I can commit files from home (over the Internet) and I am able to access any service from Internal to DMZ (MySQL, Apache, SSH).
DMZ: 10.0.0.4, 10.0.0.0/24
Internal: 192.168.0.54, 192.168.0.0/16
External: static IP
NAT-Rules:
1) DNAT: Any -> Grp_DNS_domain_de / Grp_DMZ | None | DMZ_Host
2) MASQ: DMZ (Network) -> All / All | MASQ_External | None
3) MASQ: Internal (Network) -> All / All | MASQ_External | None
Grp_DNS_domain_de: subdomain1.domain.de, subdomain2.domain.de
Packet filter rules (I think, they are ok):
...
Any -> (Grp_DMZ) -> DMZ (Network): Allow
DMZ (Network) -> (Grp_DMZ) -> Any: Allow
DMZ (Network) -> (ping) -> Any: Allow
DMZ (Network) -> (traceroute) -> Any: Allow
...
Grp_DMZ has HTTP, HTTPS, Subversion, SSH and MySQL-Ports.
Subversion is TCP/UDP - 1:65536 - 3690 (have also tried TCP - 1024:65536 - 3690).
Internet -> DMZ (all services) works
Internal -> DMZ (all services) works, but not Subversion.
After investigating the packets on the Astaro Firewall with help of tcpdump and the incoming packets on the DMZ (with help of strace) I came to the following conclusion:
The authentication mechanism of Subversion / svnserved works, but the Astaro do not route the packets, which contains the commited data.
It seems, that the Masquerading/NAT is misconfigured.
Is anyone here, who can help me?
Best regards,
Christopher Klein
This thread was automatically locked due to age.