Re: [Efw-user] Routing and ICMP

2013-08-06 Thread Marco Gabriel - inett GmbH
I explained my problem earlier in this thread. I added the routes in the Endian 
GUI. But Endian does not set routes, it uses iptables. And that does not work 
for ICMP as it seems, at least not on the Endian.

If I set the routes manually, it works as expected.

Best regards,
Marco

From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 19:59
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Routing and ICMP

But you need to add the route to have communication with another network.

What is the problem?

 
If your network gateway is the Endian is it then that should be the routes to 
other networks.

 
--
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031iu=/4140/ostg.clktrk___
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
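
Added example, not part of the thread and not Endian's code: a small model of how Linux picks a next hop when routing is driven by iptables marks instead of the main table, showing one way TCP and UDP can follow the policy route while ICMP does not, and why a manual `route add` changes the result. The mark value, the table name `vpn`, the uplink gateway 203.0.113.1 and the protocol-restricted mark rules are assumptions; only the 192.168.x addresses come from the thread.

```python
"""Model of Linux next-hop selection with iptables-mark policy routing.

Added example. Mark value, table name "vpn", uplink gateway and the
protocol-restricted mark rules are constructed, not Endian's real ruleset.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CLIENT = "192.168.10.239"      # from the thread
VPN_BOX_2 = "192.168.1.254"    # from the thread
UPLINK_GW = "203.0.113.1"      # constructed default gateway


@dataclass(frozen=True)
class MarkRule:
    """One `iptables -t mangle ... -j MARK --set-mark` rule."""
    proto: Optional[str]  # None means no -p match (any protocol)
    dst: str              # -d network
    mark: int


@dataclass(frozen=True)
class IpRule:
    """One `ip rule` entry; fwmark None matches every packet."""
    fwmark: Optional[int]
    table: str


Route = Tuple[str, str]  # (destination network, gateway)

# Constructed assumption: marks are only set for TCP and UDP.
MARK_RULES = [
    MarkRule("tcp", "192.168.10.0/24", 1),
    MarkRule("udp", "192.168.10.0/24", 1),
]
IP_RULES = [IpRule(1, "vpn"), IpRule(None, "main")]  # priority order


def fwmark_for(proto: str, dst: str, mark_rules: List[MarkRule]) -> int:
    """Return the mark the mangle rules leave on the packet (0 = unmarked)."""
    addr = ipaddress.ip_address(dst)
    mark = 0
    for rule in mark_rules:
        # MARK is non-terminating, so the last matching rule wins.
        if rule.proto in (None, proto) and addr in ipaddress.ip_network(rule.dst):
            mark = rule.mark
    return mark


def longest_match(routes: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match inside one routing table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gateway)
    return best[1] if best else None


def next_hop(proto: str, dst: str, mark_rules: List[MarkRule],
             ip_rules: List[IpRule], tables: Dict[str, List[Route]]):
    """Walk the ip rules in order; the first table with a match decides."""
    mark = fwmark_for(proto, dst, mark_rules)
    for rule in ip_rules:
        if rule.fwmark is not None and rule.fwmark != mark:
            continue
        gateway = longest_match(tables[rule.table], dst)
        if gateway is not None:
            return gateway, rule.table
    return None, None


def build_tables(manual_route: bool) -> Dict[str, List[Route]]:
    """Tables before/after `route add -net 192.168.10.0/24 gw 192.168.1.254`."""
    main = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", UPLINK_GW)]
    if manual_route:
        main.append(("192.168.10.0/24", VPN_BOX_2))
    return {"vpn": [("192.168.10.0/24", VPN_BOX_2)], "main": main}


def compare(manual_route: bool):
    """Next hop toward the client for each protocol."""
    tables = build_tables(manual_route)
    return {p: next_hop(p, CLIENT, MARK_RULES, IP_RULES, tables)
            for p in ("tcp", "udp", "icmp")}


if __name__ == "__main__":
    for label, manual in (("policy routing only", False),
                          ("plus manual route", True)):
        print(label)
        for proto, (gateway, table) in compare(manual).items():
            print(f"  {proto:<4} -> {gateway} (table {table})")
```

On a live system the inputs to this model come from `ip rule show`, `ip route show table all` and `iptables -t mangle -S`.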


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Jonathan Lessa
the cisco vpn box 2, the Endian and other machines are on the same LAN
green? Your cisco vpn box 2 is connected directly to a network card
Endian or a switch?


2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de

 Hello,

 I have a strange problem that may be related to the endian way of policy
 based routing.

 ICMP packages seem not to be routed properly.

 Client - cisco vpn box 1 - public network - cisco vpn box 2 - endian
 - server

 RDP and other tcp/udp based services from client work, ICMP packets are
 sent to the server, the server answers but the packets seem not to be
 forwarded by the endian to the cisco vpn box 2. The cisco vpn box 2 and the
 endian are both in the same green LAN and the endian has configured a
 static route to static gateway “cisco vpn box 2”. As told, this works for
 all tested services but ICMP.

 If I set a route manually to the vpn box on the shell by using “route
 add”, it works. If I set a route directly on the client to the cisco box,
 it works too.

 So this seems to be a problem with the iptables way of routing packets.

 Any hints how to fix this?

 Best regards,
 Marco

-- 
Att.:
Jonathan Lessa


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Marco Gabriel - inett GmbH
They are all on the green LAN, connected to the same switches. Client and cisco 
vpn box 1 are on another LAN, only connected through a VPN link.

 
I know, this is not how we recommend to set this up, but it was like this when 
we came there.

 
Thanks,

Marco

 
 
From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 15:40
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Routing and ICMP

 
the cisco vpn box 2, the Endian and other machines are on the same LAN green? 
Your cisco vpn box 2 is connected directly to a network card Endian or a 
switch?

 


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Jonathan Lessa
If everyone is on the same switch and the same LAN the ping does not
necessarily pass through the Endian, the switch itself is responsible for
making this delivery.
But if your Endian were physically between cisco vpn box 2 and the
server, then yes the Endian would be responsible for delivery.


2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de

 They are all on the green LAN, connected to the same switches. Client and
 “cisco vpn box 1” are on another LAN, only connected through a VPN link.

 I know, this is not how we recommend to set this up, but it was like this
 when we came there.

 Thanks,
 Marco

-- 
Att.:
Jonathan Lessa


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Marco Gabriel - inett GmbH
This is correct, but if I do “tcpdump -i br0 host client-ip and icmp” on the 
endian console, I can see ICMP packets coming through. But endian seems to drop 
them. I cannot confirm that they were dropped, but if I manually “route add” 
the route to the client, it works immediately. 

Thanks in advance,
Marco



From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 16:15
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Routing and ICMP

If everyone is on the same switch and the same LAN the ping does not 
necessarily pass through the Endian, the switch itself is responsible for 
making this delivery.
But if your Endian were physically between cisco vpn box 2 and the server, 
then yes the Endian would be responsible for delivery.


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Jonathan Lessa
what is the route that you add to work?


2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de

 This is correct, but if I do “tcpdump -i br0 host client-ip and icmp” on
 the endian console, I can see ICMP packets coming through. But endian seems
 to drop them. I cannot confirm that they were dropped, but if I manually
 “route add” the route to the client, it works immediately.

 Thanks in advance,
 Marco




Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Marco Gabriel - inett GmbH
Endian has 192.168.1.230
Cisco VPN box 2 has 192.168.1.254

Client has 192.168.10.239

On Endian (or Server): “route add -net 192.168.10.0/24 gw 192.168.1.254” → 
works.

Best regards,
Marco


From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 16:44
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Routing and ICMP

what is the route that you add to work?






Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Jonathan Lessa
I understood that all involved were on the same LAN green, but in this case
they are not.
Outside the routing would be interesting to create a rule in the firewall
between zones. Releasing the ping between the 192.168.10.0/24 network and
the Green Zone.


2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de

 Endian has 192.168.1.230
 Cisco VPN box 2 has 192.168.1.254

 Client has 192.168.10.239

 On Endian (or Server): “route add -net 192.168.10.0/24 gw 192.168.1.254”
 → works.

 Best regards,
 Marco


-- 
Att.:
Jonathan Lessa


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Marco Gabriel - inett GmbH
There are two LANs, connected through two cisco boxes. LAN1 contains client and 
cisco box 1, LAN2 contains endian, server and cisco box 2. There is no need to 
play with the zones as everything for LAN1 should be routed through the cisco 
box 2. And that works for all services but ICMP.

Best regards,
Marco


From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 17:23
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Routing and ICMP

I understood that all involved were on the same LAN green, but in this case 
they are not.
Outside the routing would be interesting to create a rule in the firewall 
between zones. Releasing the ping between the 192.168.10.0/24 network and the 
Green Zone.



Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Jonathan Lessa
But the issue is not the area in itself, but when do you configure a rule
to redirect the Endian already takes care of creating a rule in the
firewall to release this communication. What I asked was to test the
firewall to create a rule allowing ICMP between these networks.


2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de

 There are two LANs, connected through two cisco boxes. LAN1 contains
 client and cisco box 1, LAN2 contains endian, server and cisco box 2. There
 is no need to play with the zones as everything for LAN1 should be routed
 through the cisco box 2. And that works for all services but ICMP.

 Best regards,
 Marco



-- 
Att.:
Jonathan Lessa


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Marco Gabriel - inett GmbH
Understood. I already tried to create a specific rule for ICMP traffic within 
the firewall (exactly at policy based routing). It showed me ICMP 8 and ICMP 30 
to allow, but that didn’t work either. 

The only thing that worked so far was adding a route. 

Marco

From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 17:33
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Routing and ICMP

But the issue is not the area in itself, but when do you configure a rule to 
redirect the Endian already takes care of creating a rule in the firewall to 
release this communication. What I asked was to test the firewall to create a 
rule allowing ICMP between these networks.

2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de
There are two LANs, connected through two cisco boxes. LAN1 contains client and 
cisco box 1, LAN2 contains endian, server and cisco box 2. There is no need to 
play with the zones as everything for LAN1 should be routed through the cisco 
box 2. And that works for all services but ICMP.

Best regards,
Marco


From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 17:23
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Routing and ICMP

I understood that all involved were on the same LAN green, but in this case 
they are not.
Outside the routing, it would be interesting to create a rule in the firewall 
between zones, releasing the ping between the 192.168.10.0/24 network and the 
Green Zone.

2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de
Endian has 192.168.1.230
Cisco VPN box 2 has 192.168.1.254

Client has 192.168.10.239

On Endian (or Server): “route add -net 192.168.10.0/24 gw 192.168.1.254” → 
works.

Best regards,
Marco




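Added example (not part of the original thread and not Endian's own code): a longest-prefix lookup over constructed `ip route show` output, showing what the main routing table on the Endian box alone decides for the client 192.168.10.239 before and after the manual `route add` quoted above. The interface names and the 203.0.113.x uplink addresses are assumptions; the 192.168.x addresses are the ones given in the thread.

```python
import ipaddress

# Constructed `ip route show` output for the Endian box (192.168.1.230).
# Assumptions: interface names br0/eth1 and the uplink 203.0.113.0/24.
BEFORE = """\
default via 203.0.113.1 dev eth1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.230
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.2
"""
# Same table after: route add -net 192.168.10.0/24 gw 192.168.1.254
AFTER = BEFORE + "192.168.10.0/24 via 192.168.1.254 dev br0\n"


def parse_routes(text):
    """Parse `ip route show` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # The remaining fields are key/value pairs such as "via X", "dev Y".
        opts = dict(zip(fields[1::2], fields[2::2]))
        routes.append((ipaddress.ip_network(prefix), opts.get("via"), opts.get("dev")))
    return routes


def next_hop(routes, dest):
    """Longest-prefix match over one routing table; returns (gateway, device)."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no route at all: the kernel reports "network unreachable"
    _net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    # A route without "via" is directly connected: deliver on-link.
    return (gw or "on-link", dev)


if __name__ == "__main__":
    client = "192.168.10.239"
    print("before:", next_hop(parse_routes(BEFORE), client))
    print("after: ", next_hop(parse_routes(AFTER), client))
```

On a live box the same question is answered by `ip route get 192.168.10.239`, which also takes policy-routing rules into account.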


Re: [Efw-user] Routing and ICMP

2013-08-02 Thread Jonathan Lessa
But you need to add the route to have communication with another network.
What is the problem?

If your network gateway is the Endian is it then that should be the routes
to other networks.


2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de

 Understood. I already tried to create a specific rule for ICMP traffic
 within the firewall (exactly at policy based routing). It showed me ICMP 8
 and ICMP 30 to allow, but that didn’t work either.

 The only thing that worked so far was adding a route.

 Marco

 From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
 Sent: Friday, 2 August 2013 17:33
 To: efw-user@lists.sourceforge.net
 Subject: Re: [Efw-user] Routing and ICMP

 But the issue is not the area in itself, but when you configure a rule
 to redirect, the Endian already takes care of creating a rule in the
 firewall to release this communication. What I asked was to test the
 firewall to create a rule allowing ICMP between these networks.

 2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de
 There are two LANs, connected through two cisco boxes. LAN1 contains
 client and cisco box 1, LAN2 contains endian, server and cisco box 2. There
 is no need to play with the zones as everything for LAN1 should be routed
 through the cisco box 2. And that works for all services but ICMP.

 Best regards,
 Marco


 From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
 Sent: Friday, 2 August 2013 17:23
 To: efw-user@lists.sourceforge.net
 Subject: Re: [Efw-user] Routing and ICMP

 I understood that all involved were on the same LAN green, but in this
 case they are not.
 Outside the routing, it would be interesting to create a rule in the firewall
 between zones, releasing the ping between the 192.168.10.0/24 network and
 the Green Zone.

 2013/8/2 Marco Gabriel - inett GmbH mgabr...@inett.de
 Endian has 192.168.1.230
 Cisco VPN box 2 has 192.168.1.254

 Client has 192.168.10.239

 On Endian (or Server): “route add -net 192.168.10.0/24 gw 192.168.1.254”
 → works.

 Best regards,
 Marco









-- 
Att.:
Jonathan Lessa