Firewall host: kernel parameter values
Keith Morse
kgmorse
Mon May 17 11:43:08 PDT 2004
I've got sort of a weird issue with a firewall I manage. The thing has
seven (7) interfaces, eth0 - eth6. Three of the interfaces are physically
PCI Ethernet NICs using the via-rhine kernel module (eth0 - eth2). The
remaining four are on a quad fast Ethernet card based on the Sun HappyMeal
driver (sunhme) (eth3 - eth6). This critter, the firewall, only does
routing, NAT, IP packet filtering, and VPN (IPsec with FreeS/WAN).
interface  driver     description
eth0       via-rhine  external internet interface
eth1       via-rhine  internal business LAN
eth2       via-rhine  DMZ for the wireless ISP services we provide
eth3       sunhme     internal LAN for showroom computers
eth4       sunhme     internal LAN for remote service monitoring
eth5       sunhme     internal LAN for R&D
eth6       sunhme     internal LAN for shop service work
The weird issue is this: eth0 -> eth3 do their job. They forward packets,
do NAT, and filter packets accordingly. eth4 -> eth6 do not forward and/or
NAT packets. I'm pretty sure that the netfilter rulesets are proper for
the job they need to do. I've reviewed them several times and compared them
with rulesets on interfaces that do work. The review includes the shell
scripts that I initially use to set up the rulesets as well as the
resulting output from "service iptables save" and "service iptables
status".
I am reluctant to post the results of the above here as they are all quite
lengthy.
One of the questions I've come up with is... Might I be coming up against
kernel parameter limitations? Another thought is that there might be some
issue with the Sun Quad Ethernet card that I am unfamiliar with.
Any pointers or references would be appreciated.
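One concrete way to test the "kernel parameter" theory from the post is to compare the per-interface IPv4 sysctls (under /proc/sys/net/ipv4/conf/<ifname>/) of an interface that forwards against the ones that do not, rather than reading the rulesets again. The script below is an added example, not something the poster ran; the parameter list, the script name check_ifaces.sh and the ROOT argument (so it can be pointed at a copy of the tree instead of the live kernel) are assumptions of the example. It flags any parameter that differs between the working and the suspect interface, reports whether forwarding is effectively enabled on the suspect interface, and prints both the "all" and the per-interface rp_filter values, since the kernel combines those two and a strict reverse-path filter silently drops packets that arrive on an interface the routing table does not expect them on.

```shell
#!/bin/sh
# Added example (not from the original post): compare per-interface IPv4
# kernel parameters between a working interface and suspect interfaces.
# ROOT is normally /proc/sys; the functions take it as a parameter so the
# logic can be exercised against a constructed copy of the tree.

# Parameters that commonly decide whether a router forwards on an interface.
# Assumption: the running kernel exposes each of them under conf/<ifname>/.
PARAMS="forwarding rp_filter proxy_arp accept_source_route log_martians"

# read_param ROOT IFACE NAME -> prints the value, or "missing" if absent
read_param() {
    f="$1/net/ipv4/conf/$2/$3"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# diff_iface ROOT GOOD BAD -> one line per parameter that differs between
# the working interface GOOD and the suspect interface BAD.
# Returns 0 if they are identical, 1 if anything differs.
diff_iface() {
    root=$1; good=$2; bad=$3; rc=0
    for p in $PARAMS; do
        g=$(read_param "$root" "$good" "$p")
        b=$(read_param "$root" "$bad" "$p")
        if [ "$g" != "$b" ]; then
            echo "$bad/$p=$b (working $good/$p=$g)"
            rc=1
        fi
    done
    return $rc
}

# effective_forwarding ROOT IFACE -> 1 only when both the global
# ip_forward switch and the per-interface forwarding flag read 1.
# Conservative on purpose: either one being 0 is worth investigating.
effective_forwarding() {
    g=$(cat "$1/net/ipv4/ip_forward" 2>/dev/null || echo 0)
    i=$(read_param "$1" "$2" forwarding)
    if [ "$g" = 1 ] && [ "$i" = 1 ]; then echo 1; else echo 0; fi
}

# rp_filter_state ROOT IFACE -> "all=<v> IFACE=<v>". The kernel combines
# the conf/all node with the per-interface node (the exact rule depends on
# the kernel version), so a reverse-path drop can come from either.
rp_filter_state() {
    echo "all=$(read_param "$1" all rp_filter) $2=$(read_param "$1" "$2" rp_filter)"
}

# Run against the live kernel when executed directly, e.g.
#   sh check_ifaces.sh eth0 eth4 eth5 eth6
# (first argument is the interface that works, the rest are suspects).
if [ "$#" -ge 2 ]; then
    root=/proc/sys; good=$1; shift
    for bad in "$@"; do
        echo "== $bad: effective forwarding=$(effective_forwarding "$root" "$bad");" \
             "rp_filter $(rp_filter_state "$root" "$bad")"
        diff_iface "$root" "$good" "$bad" || true
    done
fi
```

If every parameter matches between eth0 and eth4 and forwarding reads 1, the kernel parameters are unlikely to be the cause and the next place to look is the packet counters in "iptables -L FORWARD -v -n" and "iptables -t nat -L -v -n" for the affected interfaces.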