Hi all,

I have an iptables-based GW/firewall and a private LAN behind it. Via one-to-one NAT (with shorewall) I give the ext. NIC of the GW some more IP aliases, so that the clients behind it are reachable from the outside.

Now to the problem: I CANNOT ping the internal machines (with the official IP address) from outside, but I CAN ping them from the GW. Looks like a NAT problem, BUT: a tcpdump shows something else. (eth1 is the inner NIC, 172.16.1.128 is the inner machine, so correct NAT I think)

[while pinging from the outside (w/o response) - tcpdump on the GW]
tcpdump: listening on eth1
22:38:51.271588 195.58.166.252 > 172.16.1.128: icmp: echo request (DF)
22:38:52.268837 195.58.166.252 > 172.16.1.128: icmp: echo request (DF)

[while pinging from the GW (with response) - tcpdump on the GW]
tcpdump: listening on eth1
22:45:51.223423 172.16.1.1 > 172.16.1.128: icmp: echo request (DF)
22:45:51.223806 172.16.1.128 > 172.16.1.1: icmp: echo reply
22:45:52.233374 172.16.1.1 > 172.16.1.128: icmp: echo request (DF)
22:45:52.233759 172.16.1.128 > 172.16.1.1: icmp: echo reply

Hope that someone has an idea!

TIA and Greetings,
Matthias

--
Ew! Lisa, honey, if it'll make you feel better I'll destroy something Bart loves. - Homer Simpson
