This is correct, but if I do “tcpdump -i br0 host <client-ip> and icmp” on the endian console, I can see ICMP packets coming through. But endian seems to drop them. I cannot confirm that they were dropped, but if I manually “route add” the route to the client, it works immediately.
Thanks in advance, Marco Von: Jonathan Lessa [mailto:jonathanle...@gmail.com] Gesendet: Freitag, 2. August 2013 16:15 An: efw-user@lists.sourceforge.net Betreff: Re: [Efw-user] Routing and ICMP If everyone is on the same switch and the same LAN the ping does not necessarily pass through the Endian, the switch itself is responsible for making this delivery. But if your Endian were physically between "cisco vpn box 2" and the server, then yes the Endian would be responsible for delivery. 2013/8/2 Marco Gabriel - inett GmbH <mgabr...@inett.de> They are all on the green LAN, connected to the same switches. Client and “cisco vpn box 1” are on another LAN, only connected through a VPN link. I know, this is not how we recommend to set this up, but it was like this when we came there. Thanks, Marco Von: Jonathan Lessa [mailto:jonathanle...@gmail.com] Gesendet: Freitag, 2. August 2013 15:40 An: efw-user@lists.sourceforge.net Betreff: Re: [Efw-user] Routing and ICMP the "cisco vpn box 2", the Endian and other machines are on the same LAN green? Your "cisco vpn box 2" is connected directly to a network card Endian or a switch? 2013/8/2 Marco Gabriel - inett GmbH <mgabr...@inett.de> Hello, I have a strange problem that may be related to the endian way of policy based routing. ICMP packages seem not to be routed properly. Client -> cisco vpn box 1 -> public network -> cisco vpn box 2 -> endian -> server RDP and other tcp/udp based services from client work, ICMP packets are sent to the server, the server answers but the packets seem not to be forwarded by the endian to the cisco vpn box 2. The cisco vpn box 2 and the endian are both in the same green LAN and the endian has configured a static route to static gateway “cisco vpn box 2”. As told, this works for all tested services but ICMP. If I set a route manually to the vpn box on the shell by using “route add”, it works. If I set a route directly on the client to the cisco box, it works too. So this seems to be a problem with the iptables way of routing packets. Any hints how to fix this? Best regards, Marco ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Att.: Jonathan Lessa ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Att.: Jonathan Lessa ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
